VULHUB ™

Oracle 9i Application Server comes with an Apache-based web server and Java servlet engine. A vulnerability exists that could allow a malicious user to view the full path to the web folder by sending the server an HTTP request for a non-existant .jsp file. This request could cause the server to send an error message revealing the web folder path information. A similar vulnerability was found in Apache Tomcat 3.1 which may be related to this vulnerability. See BugTraq ID 1531 for details.

Oracle 9i Application Server comes with an Apache-based web server and Java servlet engine. A vulnerability exists that could allow a malicious user to view the full path to the web folder by sending the server an HTTP request for a non-existant .jsp file. This request could cause the server to send an error message revealing the web folder path information. A similar vulnerability was found in Apache Tomcat 3.1 which may be related to this vulnerability. See BugTraq ID 1531 for details.