Oracle Web Cache Admin Module Multiple GET Request Method DoS

medium Nessus Plugin ID 11076

Synopsis

The remote web server appears to be affected by a denial of service condition.

Description

It was possible to kill the web server by requesting '/.' or '/../', or sending an invalid request using chunked content encoding. An attacker may exploit this vulnerability to crash the web server.

Solution

Upgrade your software or protect it with a filtering reverse proxy.

See Also

http://www.oracle.com/technology/deploy/security/pdf/2002alert43rev1.pdf

Plugin Details

Severity: Medium

ID: 11076

File Name: oracle9iAS_slashdot_DoS.nasl

Version: 1.25

Type: remote

Family: Databases

Published: 8/14/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:oracle:application_server

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/4/2002

Reference Information

CVE: CVE-2002-0386

BID: 3765, 5902