| VID |
22350 |
| Severity |
30 |
| Port |
7779, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Oracle9iAS Web Cache, according to its banner, has multiple vulnerabilities (2). Oracle9iAS Application Server Webcache versions prior to 9.0.4.0 are vulnerable to an arbitrary file corruption vulnerability and multiple cross-site scripting vulnerabilities:
1) Multiple Cross-Site Scripting Vulnerabilities: Input passed to the "cache_dump_file" and "PartialPageErrorPage" parameters in "webcacheadmin" script is not properly sanitized before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.
2) Arbitrary File Corruption Vulnerability: An attacker may be able to corrupt arbitrary files on the affected host by passing the filenames through the "cache_dump_file" parameter of the "webcacheadmin" script.
* Note: This check solely relied on the banner of the remote HTTP server to assess this vulnerability, so this might be a false positive.
* References:
http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html
http://secunia.com/advisories/15143/
* Platforms Affected:
Oracle, Oracle9iAS Application Server Webcache versions prior to 9.0.4.0
Any operating system Any version |
| Recommendation |
Reportedly, Oracle has fixed the vulnerabilities silently without issuing an advisory. Apply the latest patches, available from the Oracle Support Web page at http://www.oracle.com/support/index.html |
| Related URL |
CVE-2005-1381,CVE-2005-1382 (CVE) |
| Related URL |
13420,13421,13422 (SecurityFocus) |
| Related URL |
(ISS) |
|
