| VID |
22048 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The PL/SQL module in the Oracle 9iAS has a directory traversal vulnerability, which allows remote attackers to break out of the web root and access arbitrary files readable by the operating system account apache is running under.
This problem is due to the fact that the PL/SQL module has a double URL decoding problem and on the first pass converts %255C to %5C and on the second pass converts %5C to "\" and the directory traversal becomes possible.
To check if your site is vulnerable open, you can test it like the following:
http://oracleserver/pls/portal30/admin_/help/..%255Cplsql.conf
* References:
http://www.securityfocus.com/bid/3727
http://www.iss.net/security_center/static/7728.php |
| Recommendation |
Download and install the patch from the Metalink site, http://metalink.oracle.com. |
| Related URL |
CVE-2001-1217 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
