Oracle 9iAS mod_plsql Help Page Request Remote Overflow

This script is Copyright (C) 2002-2014 Matt Moore


Synopsis :

Arbitrary code may be run on the remote host.

Description :

Oracle 9i Application Server uses Apache as it's web
server. There is a buffer overflow in the mod_plsql module
which allows an attacker to run arbitrary code.

See also :

http://www.nessus.org/u?f6231377
http://www.nessus.org/u?6e6ebd76

Solution :

Oracle has released a patch for this vulnerability, which
is available from:

http://metalink.oracle.com

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Databases

Nessus Plugin ID: 10840 ()

Bugtraq ID: 3726

CVE ID: CVE-2001-1216