Oracle Application Server Web Cache HTTP Request Overflow

Critical Nessus Plugin ID 11081

Synopsis

It may be possible to execute arbitrary code on the remote system.

Description

It may be possible to make the Oracle9i application server crash or execute arbitrary code by sending it an overly long, specially crafted URL.

Solution

Apply vendor-supplied patches.

See Also

http://www.nessus.org/u?a96c1e5e

Plugin Details

Severity: Critical

ID: 11081

File Name: oracle9iAS_too_long_url.nasl

Version: 1.30

Type: remote

Family: Databases

Published: 2002/08/14

Updated: 2018/07/16

Dependencies: 10107, 17975

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:application_server_web_cache

Required KB Items: Settings/ParanoidReport

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2001/10/18

Vulnerability Publication Date: 2001/10/18

Reference Information

CVE: CVE-2001-0836

BID: 3443