{"vuid":"VU#168795","idnumber":"168795","name":"Oracle 9iAS allows anonymous remote users to view sensitive Apache services by default","keywords":["Oracle 9iAS","anonymous users","sensitive monitoring services","default installation","Dynamic Monitoring Services"],"overview":"Oracle Application Server 9iAS allows remote users to access several Apache services without authentication.","clean_desc":"Oracle Application Server 9iAS includes the Apache Web server and several Apache services. In the default install configuration, many of these services, including Dynamic Monitoring Services, can be accessed remotely by anonymous users.","impact":"Dynamic Monitoring Services may be used without authentication by attackers to monitor the internal workings of the Oracle server.","resolution":"The CERT/CC is currently unaware of a practical solution to this problem.","workarounds":"The following workaround was suggested by David Litchfield","sysaffected":"","thanks":"Thanks to David Litchfield for reporting this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://www.nextgenss.com/papers/hpoas.pdf","http://otn.oracle.com/deploy/security/alerts.htm","http://online.securityfocus.com/bid/4293"],"cveids":["CAN-2002-0563"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2020-05-21T16:12:56.861145Z","publicdate":"2002-01-10T00:00:00Z","datefirstpublished":"2002-03-12T19:19:00Z","dateupdated":"2003-04-09T19:19:00Z","revision":13,"vrda_d1_directreport":null,"vrda_d1_population":null,"vrda_d1_impact":null,"cam_widelyknown":null,"cam_exploitation":null,"cam_internetinfrastructure":null,"cam_population":null,"cam_impact":null,"cam_easeofexploitation":null,"cam_attackeraccessrequired":null,"cam_scorecurrent":null,"cam_scorecurrentwidelyknown":null,"cam_scorecurrentwidelyknownexploited":null,"ipprotocol":null,"cvss_accessvector":null,"cvss_accesscomplexity":null,"cvss_authentication":null,"cvss_confidentialityimpact":null,"cvss_integrityimpact":null,"cvss_availabilityimpact":null,"cvss_exploitablity":null,"cvss_remediationlevel":null,"cvss_reportconfidence":null,"cvss_collateraldamagepotential":null,"cvss_targetdistribution":null,"cvss_securityrequirementscr":null,"cvss_securityrequirementsir":null,"cvss_securityrequirementsar":null,"cvss_basescore":"N/A","cvss_basevector":"N/A","cvss_temporalscore":"N/A","cvss_environmentalscore":"N/A","cvss_environmentalvector":"N/A","metric":11.25,"vulnote":null}