securityvulns SECURITYVULNS:DOC:8462
Apr 28, 2005 - 12:00 a.m.

Append file in Oracle Webcache 9i

vulners.com

Name: Append file vulnerability in Oracle Webcache 9i
Systems Affected: Oracle Application Server with Webcache 9i
Severity: Medium Risk
Category: Corruption of files
Vendor URL: http://www.oracle.com
Author: Alexander Kornbrust (ak at red-database-security.com)
Date: 26 Apr 2005 (V 1.00)
Advisory: AKSEC2003-012
Time to fix: ?? days

Details
It is possible to corrupt any file of an Oracle Application Server installation by appending garbage to the file (e.g. httpd.conf). This issue can be combined with cross-site scripting vulnerabilities in the Webcache administrator application.

Example
http://server01:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/opt/ORACLE/ias/9.0.2/Apache/Apache/conf/httpd.conf
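
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans access-log lines for webcacheadmin CacheDump requests whose cache_dump_file points outside an expected dump directory. The log format, the ALLOWED_DUMP_DIR value and the sample log lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate cache dumps are only written below this directory.
ALLOWED_DUMP_DIR = "/var/tmp/webcache_dumps"
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_cache_dumps(log_lines, allowed_dir=ALLOWED_DUMP_DIR):
    """Return (line_no, path) for CacheDump requests writing outside allowed_dir."""
    prefix = allowed_dir.rstrip("/") + "/"
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/webcacheadmin"):
            continue
        query = parse_qs(url.query)  # percent-decodes parameter values
        if "CGA.CacheDump" not in query.get("SCREEN_ID", []):
            continue
        for raw in query.get("cache_dump_file", []):
            path = normpath(raw)  # collapse "." and ".." before comparing
            if not path.startswith(prefix):
                hits.append((line_no, path))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [26/Apr/2005:10:00:00 +0000] "GET /webcacheadmin?SCREEN_ID=CGA.CacheDump'
    '&ACTION=Submit&index=1&cache_dump_file=/opt/ORACLE/ias/9.0.2/Apache/Apache/conf/httpd.conf'
    ' HTTP/1.0" 200 512',
    '10.0.0.9 - - [26/Apr/2005:10:01:00 +0000] "GET /webcacheadmin?SCREEN_ID=CGA.CacheDump'
    '&ACTION=Submit&index=1&cache_dump_file=/var/tmp/webcache_dumps/dump1.txt HTTP/1.0" 200 512',
    '10.0.0.5 - - [26/Apr/2005:10:02:00 +0000] "GET /webcacheadmin?SCREEN_ID=CGA.CacheDump'
    '&ACTION=Submit&index=1&cache_dump_file=%2Fvar%2Ftmp%2Fwebcache_dumps%2F..%2Fx.conf'
    ' HTTP/1.0" 200 512',
    '10.0.0.7 - - [26/Apr/2005:10:03:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for line_no, path in suspicious_cache_dumps(SAMPLE_LOG):
        print(f"line {line_no}: cache dump targets {path}")
```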

Patch Information
Oracle fixed this issue with informing me or their customers.

History
23-sep-2003 Oracle secalert was informed
23-sep-2003 Bug confirmed
26-apr-2005 Red-Database-Security published this advisory

© 2005 by Red-Database-Security GmbH