CVE-2001-0326

Published: May 3, 2001Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.

Affected (2)

Products: Oracle: Application Server, Oracle8i

2 products

Application Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Application Server	Version release_1.0.2.0.1
Oracle Oracle8i	Version 8.1.7_r3

References (6)

http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.osvdb.org/5706

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/6438

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.osvdb.org/5706

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/6438

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.