Unrated severityNVD Advisory· Published May 3, 2001· Updated Apr 16, 2026

CVE-2001-0326

Description

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <> FilePermission.

Affected products

Oracle Corporation/Application Server
cpe:2.3:a:oracle:application_server:release_1.0.2.0.1:*:*:*:*:*:*:*
Oracle Corporation/Oracle8i
cpe:2.3:a:oracle:oracle8i:8.1.7_r3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2001-02/0255.htmlnvdExploitPatchVendor Advisory
www.osvdb.org/5706nvd
exchange.xforce.ibmcloud.com/vulnerabilities/6438nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000