Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:8463
HistoryApr 28, 2005 - 12:00 a.m.

Webcache Client Requests bypasses OHS mod_access restrictions

2005-04-2800:00:00
vulners.com
11
JSON

Name Webcache Client Requests bypasses OHS mod_access Restrictions
Systems Affected Oracle Application Server - OHS 1.0.2 - 10.x
Severity Low Risk
Category Bypass protected URLs via Webcache
Vendor URL http://www.oracle.com
Author Alexander Kornbrust (ak at red-database-security.com)
Date 26 Apr 2005 (V 1.00)
Advisory AKSEC2003-015

Details
It is possible to access protected URLs by using webcache.

Example
(Port 7778 = Webcache, Port 7779 = OHS)

The following URLs are NOT protected if you access them via Webcache:
http://server01:7778/dmsoc4j/AggreSpy?format=metrictable&nountype=ohs_child&orderby=Name
http:// server01:7778/server-status
http:// server01:7778/dms0

The following URLs are protected:
http://server01:7779/dmsoc4j/AggreSpy?format=metrictable&nountype=ohs_child&orderby=Name
http:// server01:7779/server-status
http:// server01:7779/dms0

Workaround
Add "UseWebCacheIP ON" to httpd.conf.

Patch Information
Oracle fixed this issue by introducing the parameter "UseWebcacheIP" to the Oracle HTTP Server(OHS), but never informed their customers about this issue with an security alert.

References:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=263943.1

History
01-oct-2003 Oracle secalert was informed
01-oct-2003 Bug confirmed
26-apr-2005 Red-Database-Security published this advisory

Ā© 2005 by Red-Database-Security GmbH

JSON