- Home
- CVEs with nessus.description==In a default installation of Oracle 9iAS v.1.0.2.2, it is possible to
deploy or undeploy SOAP services without the need of any kind of
credentials. This is due to SOAP being enabled by default after
installation in order to provide a convenient way to use SOAP samples.
However, this feature poses a threat to HTTP servers with public access
since remote attackers can create soap services and then invoke them
remotely. Since SOAP services can contain arbitrary Java code in Oracle
9iAS this means that an attacker can execute arbitrary code in the
remote server
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top