Oracle 9iAS mod_plsql Help Page Request Remote Overflow

high Nessus Plugin ID 10840

Synopsis

Arbitrary code may be run on the remote host.

Description

Oracle 9i Application Server uses Apache as its web server. There is a buffer overflow in the mod_plsql module that allows an attacker to run arbitrary code.

Solution

Oracle has released a patch for this vulnerability, which is available from:

http://metalink.oracle.com

See Also

http://www.nessus.org/u?f6231377

http://www.nessus.org/u?6e6ebd76

Plugin Details

Severity: High

ID: 10840

File Name: oracle9i_mod_plsql_overflow.nasl

Version: 1.34

Type: remote

Family: Databases

Published: 1/25/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:oracle:application_server

Required KB Items: www/OracleApache

Exploit Ease: No known exploits are available

Patch Publication Date: 12/20/2001

Vulnerability Publication Date: 5/7/2001

Reference Information

CVE: CVE-2001-1216

BID: 3726