Vulnerability Description
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | release_1.0.2.0.1 |
| Oracle | Oracle8I | 8.1.7_r3 |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.htmlExploitPatchVendor Advisory
- http://www.osvdb.org/5706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6438
- http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.htmlExploitPatchVendor Advisory
- http://www.osvdb.org/5706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6438
FAQ
What is CVE-2001-0326?
CVE-2001-0326 is a vulnerability with a CVSS score of 7.5 (HIGH). Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when t...
How severe is CVE-2001-0326?
CVE-2001-0326 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0326?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server, Oracle Oracle8I.