Oracle Application Server Webcache Requests OHS mod_access Restriction Bypass

Low severity, Nessus Plugin ID 18181

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

The version of Oracle HTTP Server (OHS) installed on the remote host does not prevent users from reaching protected URLs when they send requests through the Web Cache rather than to OHS directly.

Solution

Enable 'UseWebCacheIP' in OHS's httpd.conf.

See Also

http://www.nessus.org/u?88bc18a1

https://seclists.org/bugtraq/2005/Apr/486

Plugin Details

Severity: Low

ID: 18181

File Name: oracle_http_server_modaccess_bypass.nasl

Version: 1.17

Type: remote

Family: Databases

Published: 5/2/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:oracle:application_server

Required KB Items: www/OracleApache

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 4/26/2005

Reference Information

CVE: CVE-2005-1383

BID: 13418