Oracle Application Server 9i Webcache < Multiple Vulnerabilities

This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by multiple vulnerabilities.

Description :

According to its banner, the version of Oracle Application Server 9i
Webcache installed on the remote host suffers from several flaws:

- Arbitrary File Corruption Vulnerability
  An attacker may be able to corrupt arbitrary files on the
  remote host by passing the filenames through the
  'cache_dump_file' parameter of the 'webcacheadmin' script.

- Multiple Cross-Site Scripting Vulnerabilities
  The 'webcacheadmin' script does not properly sanitize the
  'cache_dump_file' and 'PartialPageErrorPage' parameters
  before using them in dynamically-generated web pages. An
  attacker may be able to exploit these flaws to conduct
  cross-site scripting attacks against the affected website.

Reportedly, an attacker can exploit both types of vulnerabilities to
corrupt an OAS installation.

Solution :

Contact Oracle - it's reported that they have addressed these flaws
without issuing an advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 18175

Bugtraq ID: 13420

CVE ID: CVE-2005-1381
