8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 1/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 1 of

Web Application Security Report(196.203.190.22)

1. Scan Session Summary

1. Scan Statistics by Severity Level

2. Scan Statistics by Vulnerability Type

3. Web Application Information

URL 196.203.190.22

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 2/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 2 of

Port 80

Protocol HTTP

SSLCipher N/A 

Server-Type  Apache/2.2.15 (Red Hat)

Detected-Type Caucho Resin

Server-Side Technologies Detected N/A 

Number of sub-hosts involved

4. Scan Statistics

 Avg Response Time 4430

 Avg Response Size 275

Total Scan Time 311 mins (18690 secs)

Number of Spidered Links 0

Number of Cookies 0Number of Javascript objects 0

Number of HTML Comments 0

Number of e-mails 0

Number of Broken Pages 0

Number of hidden fields 0

Number of Objects Leaked 0

5. Policy Details

Policy Name Complete Pen-test Assessment

Policy Details  Audit & Pen-test Assessment

 Applied Rules

 Web Resources Spider and Analysis

Server Vulnerabilities Assessment

Directory Brute-force Discovery

File & Directory Exposure Attacks

Cross-site Scripting Attacks

SQL Injection Attacks

Memory Fault Attacks

Parameter Tampering Attacks

Signature-based HTTP Attacks

Information Leakage Search

Protocol Compliance Check

2. Web Site Structure

1. Published Directories

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 3/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 3 of

Path Status

3. Application Objects

1. Cookies

Cookie

2. E-mails

E-mail Count

3. Broken Pages

Page Reference

4. Hidden Fields

Field name & value URL & Post Data

5. Information Leakage

Name Value

6. Web Forms

4. Vulnerabilities

1. Web Server Exposure

Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability

 High LevelCVE : CVE-2007-3304

BID : 24215 OSVDB : 37050

Target Server : http://196.203.190.22:80/

URL : /

Comments

It has been reported that Oracle Single Sign-On login form is prone to an authenticationcredential disclosure vulnerability that that may allow remote attackers to disclose

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 4/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 4 of

authentication credentials such as username and passwords of vulnerable users. Workaround:The p_submit_url value in the customized login page can be hard-coded. This will mitigate thisissue since it will not be an input value to the page anymore. The p_submit_url URL value inthe 902 SSO server is in the following format:http(s)://sso_host:port/pls/orasso/orasso.wwsso_app_admin.ls_login Vulnerable versions

includes: Oracle IAS 9.0.3.1 (and previous), Oracle HTTP Server 9.2.0 (and previous).Solution

Please, download the latest version.

Referenceshttp://httpd.apache.org/download.cgihttp://www.kb.cert.org/vuls/id/395412http://httpd.apache.org/docs/2.2/new_features_2_2.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : PROPFIND (http://196.203.190.22:80/)Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See more

information below. Microsoft IIS users are advised to use URLscan.Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 5/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 5 of

Target Server : http://196.203.190.22:80/

URL : OPTIONS (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers are

responsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspx

http://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : DELETE (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POST

and HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASP

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 6/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 6 of

Top10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use, includingdata storage, directory services, mail, messaging, and more. Failure to manage the proper

configuration of your servers can lead to a wide variety of security problems."Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : PROPPATCH (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 7/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 7 of

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : MKCOL (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allow

for arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : COPY (http://196.203.190.22:80/)

Comments An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentials

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 8/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 8 of

stealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application server

configurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use, includingdata storage, directory services, mail, messaging, and more. Failure to manage the properconfiguration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593

http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : MOVE (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

References

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 9/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 9 of

http://www.kb.cert.org/vuls/id/867593

http://www.microsoft.com/technet/security/tools/urlscan.mspx

http://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : LOCK (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : UNLOCK (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available on

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 10/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 10 of

production-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allow

for arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use, includingdata storage, directory services, mail, messaging, and more. Failure to manage the properconfiguration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : LINK (http://196.203.190.22:80/)

Comments An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 11/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 11 of

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593

http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

Possible Insecure HTTP Method found

 Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None

Target Server : http://196.203.190.22:80/

URL : UNLINK (http://196.203.190.22:80/)

Comments

 An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.

 Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.

Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.

This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."

Solution

IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.

Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.

Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html

2. Custom Design ErrorsNo vulnerabilities.

3. Web Signature Attacks

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 12/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 12 of

Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability

 High LevelCVE : CVE-2007-3304

BID : 24215 OSVDB : 37050

Target Server : http://196.203.190.22:80/

URL : /

Comments

It has been reported that Oracle Single Sign-On login form is prone to an authenticationcredential disclosure vulnerability that that may allow remote attackers to discloseauthentication credentials such as username and passwords of vulnerable users. Workaround:The p_submit_url value in the customized login page can be hard-coded. This will mitigate thisissue since it will not be an input value to the page anymore. The p_submit_url URL value inthe 902 SSO server is in the following format:http(s)://sso_host:port/pls/orasso/orasso.wwsso_app_admin.ls_login Vulnerable versionsincludes: Oracle IAS 9.0.3.1 (and previous), Oracle HTTP Server 9.2.0 (and previous).

Solution

Please, download the latest version.

Referenceshttp://httpd.apache.org/download.cgihttp://www.kb.cert.org/vuls/id/395412http://httpd.apache.org/docs/2.2/new_features_2_2.html

Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability

 High Level CVE : 0 BID : 10009 OSVDB : 0

Target Server : http://196.203.190.22:80/

URL : /pls/orasso/orasso.wwsso_app_admin.ls_login

Comments

It has been reported that Oracle Single Sign-On login form is prone to an authenticationcredential disclosure vulnerability that that may allow remote attackers to discloseauthentication credentials such as username and passwords of vulnerable users. Workaround:The p_submit_url value in the customized login page can be hard-coded. This will mitigate thisissue since it will not be an input value to the page anymore. The p_submit_url URL value inthe 902 SSO server is in the following format:http(s)://sso_host:port/pls/orasso/orasso.wwsso_app_admin.ls_login Vulnerable versionsincludes: Oracle IAS 9.0.3.1 (and previous), Oracle HTTP Server 9.2.0 (and previous).

Solution

No solution available.

References

No external references available.

4. Confidentiality ExposureNo vulnerabilities.

5. Cookie ExposureNo vulnerabilities.

6. File & Directory Exposure

8/17/2019 NStalkerReport-22

http://slidepdf.com/reader/full/nstalkerreport-22 13/13

N-Stalker Web ApplicationSecurity Technical Report

Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 13 of

No vulnerabilities.

7. Custom Content InspectionNo vulnerabilities.