VID 12027
Severity 40
Port 4001, ...
Protocol TCP
Class WWW
Detailed Description The Oracle9iAS Web Cache has a buffer overflow vulnerability via a long HTTP GET request.
Oracle9iAS Web Cache provides four services, which are enabled by default when the software is installed. The following lists these services and the ports they listen on.

- incoming web cache proxy : 1100/tcp
- administrative interface : 4000/tcp
- web XML invalidation port : 4001/tcp
- statistics port : 4002/tcp

For Oracle9iAS Web Cache 2.0.0.1, the listed services have a buffer overflow vulnerability that arises when a remote attacker sends a long, specially crafted HTTP GET request with 3095 'A' characters and 4 'N' characters to the Web Cache server, as follows:

GET /AAAA....['A'*3095]....AAAANNNN HTTP/1.0

Such a request will cause the buffer to overflow on the server. This overflow can simply disrupt the normal operation of the Web Cache or execute arbitrary code with the privileges of the Web Cache process. In the worst case, a remote attacker can intercept or modify sensitive data passing through the Web Cache server and gain access to other systems by using Web Cache as an entry point into the network.
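For monitoring hosts that cannot be patched immediately, the following added example (not part of the original entry or of any Oracle tooling) flags overlong request lines sent to the four listener ports listed above. The `(dst_port, request_line)` record format and the `LENGTH_LIMIT` threshold are assumptions; the sample records are constructed.

```python
import re
from itertools import groupby

# Listener ports named in the description above.
WEBCACHE_PORTS = {1100, 4000, 4001, 4002}
# Assumed alert threshold: the page gives only one request size
# (3095 + 4 characters), not the size of the vulnerable buffer.
LENGTH_LIMIT = 2048

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/\d\.\d$")

def longest_run(text):
    """Length of the longest run of a single repeated character."""
    return max((len(list(g)) for _, g in groupby(text)), default=0)

def inspect(dst_port, request_line):
    """Return a finding for an overlong request to a Web Cache port, else None."""
    if dst_port not in WEBCACHE_PORTS:
        return None
    m = REQUEST_LINE.match(request_line)
    # Measure the URI when the line parses; otherwise measure the raw line,
    # so a malformed oversized request is not silently skipped.
    measured = m.group("uri") if m else request_line
    if len(measured) <= LENGTH_LIMIT:
        return None
    return {
        "port": dst_port,
        "method": m.group("method") if m else None,
        "length": len(measured),
        "longest_run": longest_run(measured),
    }

def scan(records):
    """records: iterable of (dst_port, request_line) pairs."""
    return [f for f in (inspect(p, r) for p, r in records) if f]

# Constructed sample records (not captured traffic).
SAMPLE = [
    (1100, "GET /index.html HTTP/1.0"),
    (4001, "GET /" + "A" * 3095 + "NNNN HTTP/1.0"),
    (8080, "GET /" + "A" * 3095 + "NNNN HTTP/1.0"),  # not a Web Cache port
    (4000, "GET /" + "B" * 5000),                     # oversized, no version
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The `longest_run` field helps triage: a long run of one repeated byte is typical of filler padding, while a legitimately long URL rarely contains one.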

* References:
http://otn.oracle.com/deploy/security/pdf/webcache.pdf
http://www.securityfocus.com/bid/3443
http://www.iss.net/security_center/static/7306.php

* Platforms Affected :
Oracle9iAS Web Cache 2.0.0.1
Oracle9iAS Web Cache 2.0.0.2 on Windows NT
Recommendation Upgrade to Oracle9iAS Web Cache 2.0.0.2 or later, which fixes this vulnerability.

-- OR --

Apply the patch from Oracle's Metalink web site:
1. Go to Oracle's Metalink web site - http://metalink.oracle.com
2. After logging in to Metalink, click the "Patches" button.
3. Enter the platform and the corresponding patch number from the following list and click the "submit" button.

MS-Windows NT/2000 Server - Patch #2044682
Sun SPARC Solaris - Patch #2042106
HP-UX - Patch #2043908
Linux - Patch #2043924
Compaq Tru64 UNIX - Patch #2043921
AIX - Patch #2043917
Related URL CVE-2001-0836 (CVE)