Upload
mondher-gam
View
214
Download
0
Embed Size (px)
Citation preview
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 1/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 1 of
Web Application Security Report(196.203.190.22)
1. Scan Session Summary
1. Scan Statistics by Severity Level
2. Scan Statistics by Vulnerability Type
3. Web Application Information
URL 196.203.190.22
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 2/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 2 of
Port 80
Protocol HTTP
SSLCipher N/A
Server-Type Apache/2.2.15 (Red Hat)
Detected-Type Caucho Resin
Server-Side Technologies Detected N/A
Number of sub-hosts involved
4. Scan Statistics
Avg Response Time 4430
Avg Response Size 275
Total Scan Time 311 mins (18690 secs)
Number of Spidered Links 0
Number of Cookies 0Number of Javascript objects 0
Number of HTML Comments 0
Number of e-mails 0
Number of Broken Pages 0
Number of hidden fields 0
Number of Objects Leaked 0
5. Policy Details
Policy Name Complete Pen-test Assessment
Policy Details Audit & Pen-test Assessment
Applied Rules
Web Resources Spider and Analysis
Server Vulnerabilities Assessment
Directory Brute-force Discovery
File & Directory Exposure Attacks
Cross-site Scripting Attacks
SQL Injection Attacks
Memory Fault Attacks
Parameter Tampering Attacks
Signature-based HTTP Attacks
Information Leakage Search
Protocol Compliance Check
2. Web Site Structure
1. Published Directories
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 3/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 3 of
Path Status
3. Application Objects
1. Cookies
Cookie
2. E-mails
E-mail Count
3. Broken Pages
Page Reference
4. Hidden Fields
Field name & value URL & Post Data
5. Information Leakage
Name Value
6. Web Forms
4. Vulnerabilities
1. Web Server Exposure
Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability
High LevelCVE : CVE-2007-3304
BID : 24215 OSVDB : 37050
Target Server : http://196.203.190.22:80/
URL : /
Comments
It has been reported that Oracle Single Sign-On login form is prone to an authenticationcredential disclosure vulnerability that that may allow remote attackers to disclose
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 4/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 4 of
authentication credentials such as username and passwords of vulnerable users. Workaround:The p_submit_url value in the customized login page can be hard-coded. This will mitigate thisissue since it will not be an input value to the page anymore. The p_submit_url URL value inthe 902 SSO server is in the following format:http(s)://sso_host:port/pls/orasso/orasso.wwsso_app_admin.ls_login Vulnerable versions
includes: Oracle IAS 9.0.3.1 (and previous), Oracle HTTP Server 9.2.0 (and previous).Solution
Please, download the latest version.
Referenceshttp://httpd.apache.org/download.cgihttp://www.kb.cert.org/vuls/id/395412http://httpd.apache.org/docs/2.2/new_features_2_2.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : PROPFIND (http://196.203.190.22:80/)Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See more
information below. Microsoft IIS users are advised to use URLscan.Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 5/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 5 of
Target Server : http://196.203.190.22:80/
URL : OPTIONS (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers are
responsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspx
http://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : DELETE (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POST
and HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASP
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 6/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 6 of
Top10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use, includingdata storage, directory services, mail, messaging, and more. Failure to manage the proper
configuration of your servers can lead to a wide variety of security problems."Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : PROPPATCH (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 7/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 7 of
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : MKCOL (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allow
for arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : COPY (http://196.203.190.22:80/)
Comments An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentials
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 8/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 8 of
stealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application server
configurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use, includingdata storage, directory services, mail, messaging, and more. Failure to manage the properconfiguration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593
http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : MOVE (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
References
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 9/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 9 of
http://www.kb.cert.org/vuls/id/867593
http://www.microsoft.com/technet/security/tools/urlscan.mspx
http://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : LOCK (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : UNLOCK (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available on
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 10/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 10 of
production-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allow
for arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use, includingdata storage, directory services, mail, messaging, and more. Failure to manage the properconfiguration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : LINK (http://196.203.190.22:80/)
Comments An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 11/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 11 of
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593
http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
Possible Insecure HTTP Method found
Information LevelCVE : MAP-NOMATCH BID : None OSVDB : None
Target Server : http://196.203.190.22:80/
URL : UNLINK (http://196.203.190.22:80/)
Comments
An insecure HTTP method has been detected as available in the Web Server side and may beexploited under certain conditions.
Although it may varies accordingly to the situation, HTTP methods others than GET, POSTand HEAD are not common and should be evaluated before being made public available onproduction-level Web Servers.
Some problems may arise because of information leakage problem such as TRACE method(that may reveal internal private HTTP Headers) or may be used for client-side credentialsstealing attacks. Other methods such as PROPFIND and WebDav-based methods may allowfor arbitrary file uploading and should not be available under normal conditions.
This issue can be considered an Insecure Configuration Management as described in OWASPTop10 Web Application Vulnerabilities, Section A10: "Web server and application serverconfigurations play a key role in the security of a web application. These servers areresponsible for serving content and invoking applications that generate content. In addition,many application servers provide a number of services that web applications can use,including data storage, directory services, mail, messaging, and more. Failure to manage theproper configuration of your servers can lead to a wide variety of security problems."
Solution
IT staff must act with an effective Web server hardening control and also establish an effectiveProduction Planning and Control program to avoid insecure configuration scenario.
Undesired HTTP method can be easily removed from most Web Server Platforms. See moreinformation below. Microsoft IIS users are advised to use URLscan.
Referenceshttp://www.kb.cert.org/vuls/id/867593http://www.microsoft.com/technet/security/tools/urlscan.mspxhttp://www.owasp.org/documentation/topten/a10.html
2. Custom Design ErrorsNo vulnerabilities.
3. Web Signature Attacks
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 12/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 12 of
Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability
High LevelCVE : CVE-2007-3304
BID : 24215 OSVDB : 37050
Target Server : http://196.203.190.22:80/
URL : /
Comments
It has been reported that Oracle Single Sign-On login form is prone to an authenticationcredential disclosure vulnerability that that may allow remote attackers to discloseauthentication credentials such as username and passwords of vulnerable users. Workaround:The p_submit_url value in the customized login page can be hard-coded. This will mitigate thisissue since it will not be an input value to the page anymore. The p_submit_url URL value inthe 902 SSO server is in the following format:http(s)://sso_host:port/pls/orasso/orasso.wwsso_app_admin.ls_login Vulnerable versionsincludes: Oracle IAS 9.0.3.1 (and previous), Oracle HTTP Server 9.2.0 (and previous).
Solution
Please, download the latest version.
Referenceshttp://httpd.apache.org/download.cgihttp://www.kb.cert.org/vuls/id/395412http://httpd.apache.org/docs/2.2/new_features_2_2.html
Oracle Single Sign-On Login Page Authentication Credential Disclosure Vulnerability
High Level CVE : 0 BID : 10009 OSVDB : 0
Target Server : http://196.203.190.22:80/
URL : /pls/orasso/orasso.wwsso_app_admin.ls_login
Comments
It has been reported that Oracle Single Sign-On login form is prone to an authenticationcredential disclosure vulnerability that that may allow remote attackers to discloseauthentication credentials such as username and passwords of vulnerable users. Workaround:The p_submit_url value in the customized login page can be hard-coded. This will mitigate thisissue since it will not be an input value to the page anymore. The p_submit_url URL value inthe 902 SSO server is in the following format:http(s)://sso_host:port/pls/orasso/orasso.wwsso_app_admin.ls_login Vulnerable versionsincludes: Oracle IAS 9.0.3.1 (and previous), Oracle HTTP Server 9.2.0 (and previous).
Solution
No solution available.
References
No external references available.
4. Confidentiality ExposureNo vulnerabilities.
5. Cookie ExposureNo vulnerabilities.
6. File & Directory Exposure
8/17/2019 NStalkerReport-22
http://slidepdf.com/reader/full/nstalkerreport-22 13/13
N-Stalker Web ApplicationSecurity Technical Report
Confidential report - must not be disclosed without prior authorizationN-Stalker Web Application Security - Page 13 of
No vulnerabilities.
7. Custom Content InspectionNo vulnerabilities.