Oracle Information for VU#278971

Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information

Status

Affected

Vendor Statement

See http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.