Default Configuration of Oracle Application Server 9iAS 1.0.2.2 Allows Anonymous Deployment of Applications via SOAP

Default Configuration of Oracle Application Server 9iAS 1.0.2.2 Allows Anonymous Deployment of Applications via SOAP

CVE-2001-1371 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.

Learn more about our Cis Benchmark Audit For Server Software.