Test ID:	1.3.6.1.4.1.25623.1.0.10851
Category:	Web application abuses
Title:	Oracle 9iAS Java Process Manager
Summary:	The remote host is an Oracle 9iAS server. It is possible to; obtain the list of Java processes running on the remote host anonymously, as well as to start; and stop them.
Description:	Summary: The remote host is an Oracle 9iAS server. It is possible to obtain the list of Java processes running on the remote host anonymously, as well as to start and stop them. Vulnerability Impact: By default, accessing the location /oprocmgr-status via HTTP lets an attacker obtain the list of processes running on the remote host, and even to start or stop them. Solution: Restrict access to /oprocmgr-status in httpd.conf CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0563 BugTraq ID: 4293 http://www.securityfocus.com/bid/4293 Bugtraq: 20020206 Hackproofing Oracle Application Server paper (Google Search) http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://www.cert.org/advisories/CA-2002-08.html CERT/CC vulnerability note: VU#168795 http://www.kb.cert.org/vuls/id/168795 http://www.appsecinc.com/Policy/PolicyCheck7024.html http://www.nextgenss.com/papers/hpoas.pdf http://www.osvdb.org/13152 http://www.osvdb.org/705 http://securitytracker.com/id?1009167 XForce ISS Database: oracle-appserver-apache-services(8455) https://exchange.xforce.ibmcloud.com/vulnerabilities/8455
Copyright	Copyright (C) 2002 Matt Moore

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.