NASLDB: OraMon config/oramon.ini Information Disclosure
General
ID: 35008
Name: OraMon config/oramon.ini Information Disclosure
Summary: Tries to read oramon.ini
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: –
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host is running OraMon, an Oracle database monitoring tool
written in PHP.
The OraMon installation on the remote host stores its configuration
file in the web document directory and fails to restrict access to it.
An unauthenticated attacker can retrieve it and discover sensitive
information, such as credentials used for connecting to an Oracle
database.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: –
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2008/12/03
Plugin
Version: 1.6
Filename: oramon_ini_info_disclosure.nasl
Filesize: 3246 bytes
MD5 Hash: 64c79c9239b16a1b26f9d5179b97909d
Identification: –
Require Keys: www/PHP
Dependencies: "http_version.nasl"
Copyright: This script is Copyright © 2008-2012 Tenable Network Security, Inc.













