Oracle9i Application Server MOD_ORADAV module denial of service
| oracle-appserver-modoradav-dos (11331) |  Medium Risk |
Description:
Oracle9i Application Server is vulnerable to a denial of service attack, caused by format string vulnerability in the MOD_ORADAV module. A remote attacker could send a specially-crafted URL request to the DAV_PUBLIC or DAV_PORTAL directory to compromise the MOD_ORADAV module and cause a denial of service against the affected server.
Consequences:
Denial of Service
Remedy:
Apply the appropriate patch for your system, as listed in Oracle Security Alert #52. See References.
References:
- CERT Advisory CA-2003-05: Multiple Vulnerabilities in Oracle Servers.
- CIAC Information Bulletin N-046: Multiple Vulnerabilities in Oracle Servers.
- NGSSoftware Insight Security Research Advisory #NISR16022003d: Oracle9i Application Server Format String Vulnerability.
- Oracle Security Alert #52: Two Security Vulnerabilities in Oracle9i Application Server.
- BID-6851: Oracle 9i Application Server mod_oradav Module Format String Vulnerability
- US-CERT VU#511194: Oracle9i Application Server MOD_ORADAV Module vulnerable to DoS
Platforms Affected:
- Oracle Application Server 9.0.2
- Oracle Application Server 9.0.3
Reported:
Feb 11, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net