Oracle HTTP Server (January 2006 CPU)

critical Nessus Plugin ID 17729

Synopsis

The remote web server may be affected by multiple unspecified vulnerabilities.

Description

According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities :

- An unspecified information disclosure issue exists. (CVE-2006-0286)

- An unspecified error can allow denial of service attacks. (CVE-2006-0287)

Solution

Apply the appropriate patch according to the January 2006 Oracle Critical Patch Update advisory.

See Also

https://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html

Plugin Details

Severity: Critical

ID: 17729

File Name: oracle_http_server_cpu_jan_2006.nasl

Version: 1.6

Type: remote

Family: Web Servers

Published: 11/21/2011

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:oracle:http_server

Required KB Items: Settings/PCI_DSS, www/oracle

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/17/2006

Vulnerability Publication Date: 1/17/2006

Reference Information

CVE: CVE-2006-0286, CVE-2006-0287

BID: 16287