Oracle Application Server 9i Webcache < 9.0.4.0 Multiple Vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Oracle Application Server 9i
Webcache installed on the remote host suffers from several flaws:

- Arbitrary File Corruption Vulnerability
An attacker may be able to corrupt arbitrary files on the
remote host by passing the filenames through the
'cache_dump_file' parameter of the 'webcacheadmin' script.

- Multiple Cross-Site Scripting Vulnerabilities
The 'webcacheadmin' script does not properly sanitize the
'cache_dump_file' and 'PartialPageErrorPage' parameters
before using them in dynamically-generated web pages. An
attacker may be able to exploit these flaws to conduct
cross-site scripting attacks against the affected website.

Reportedly, an attacker can exploit both types of vulnerabilities to
corrupt an OAS installation.

See also :

http://www.nessus.org/u?43289aaa
http://www.nessus.org/u?d4b1cbf4

Solution :

Contact Oracle - it's reported that they have addressed these flaws
without issuing an advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 18175 ()

Bugtraq ID: 13420
13421
13422

CVE ID: CVE-2005-1381
CVE-2005-1382