Family: Databases --> Category: infos
Oracle Application Server 9i Webcache < 9.0.4.0 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for multiple vulnerabilities in Oracle Application Server 9i Webcache < 9.0.4.0
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is affected by multiple vulnerabilities.
Description :
According to its banner, the version of Oracle Application Server 9i
Webcache installed on the remote host is earlier than 9.0.4.0 and is
affected by several flaws:
- Arbitrary File Corruption Vulnerability
An attacker may be able to corrupt arbitrary files on the
remote host by passing a filename through the
'cache_dump_file' parameter of the 'webcacheadmin' script
(the referenced advisory describes this as an append-to-file flaw).
- Multiple Cross-Site Scripting Vulnerabilities
The 'webcacheadmin' script does not sanitize the
'cache_dump_file' and 'PartialPageErrorPage' parameters
before echoing them into dynamically generated web pages. An
attacker may be able to exploit these flaws to conduct
cross-site scripting attacks against users of the affected site.
Reportedly, an attacker can combine both types of vulnerability to
corrupt an OAS installation.
Note that this check is banner-based: no exploitation is attempted, so
a host whose banner has been changed or suppressed will not be flagged,
and a backported fix that leaves the banner unchanged will still be
reported.
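The check described above is a banner comparison. The following is an added illustration of that logic, not code from the scanner or from Oracle: it extracts the Web Cache version from a Server header, compares it numerically against the fixed release 9.0.4.0, and reports the host only when the banner version is older. The banner strings and the HTTP response are constructed samples; the exact header text a real Web Cache release emits is an assumption, which is why the regex only keys on the words "web cache" followed by a dotted version.

```python
import re
from typing import Optional, Tuple

# Version at or above which the flaws are assumed fixed (from the plugin title).
FIXED_VERSION: Tuple[int, ...] = (9, 0, 4, 0)

# Constructed sample banners (format assumed; real banners vary by release).
SAMPLE_BANNERS = [
    "OracleAS-Web-Cache/9.0.2.0.0",                       # older than 9.0.4.0 -> flag
    "OracleAS-Web-Cache/9.0.4.0.0",                       # fixed release      -> ok
    "Oracle-Application-Server-9i-Web-Cache/9.0.3.1",     # older, shorter dots -> flag
    "Apache/2.0",                                         # not Web Cache      -> ignore
]

# Constructed raw HTTP response, as a scanner would see it after a HEAD request.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2005 00:00:00 GMT\r\n"
    "Server: OracleAS-Web-Cache/9.0.2.0.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

_VERSION_RE = re.compile(r"web[-_ ]?cache[^\d]*?(\d+(?:\.\d+)+)", re.IGNORECASE)


def server_header(raw_response: str) -> Optional[str]:
    """Return the value of the Server header from a raw HTTP response, or None."""
    head, _, _ = raw_response.partition("\r\n\r\n")
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            return value.strip()
    return None


def parse_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Extract the dotted Web Cache version from a banner as a tuple of ints."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _padded(v: Tuple[int, ...], width: int) -> Tuple[int, ...]:
    """Right-pad with zeros so 9.0.4 and 9.0.4.0 compare as equal."""
    return v + (0,) * (width - len(v))


def is_vulnerable(banner: str) -> bool:
    """True if the banner identifies a Web Cache release older than FIXED_VERSION."""
    v = parse_version(banner)
    if v is None:
        return False                              # not Web Cache, or no version: do not guess
    width = max(len(v), len(FIXED_VERSION))
    return _padded(v, width) < _padded(FIXED_VERSION, width)


def check_response(raw_response: str) -> bool:
    """Run the banner check against a raw HTTP response."""
    banner = server_header(raw_response)
    return banner is not None and is_vulnerable(banner)


if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b!r:55} -> {'VULNERABLE' if is_vulnerable(b) else 'ok'}")
    print("sample response ->", "VULNERABLE" if check_response(SAMPLE_RESPONSE) else "ok")
```

Because the comparison is purely numeric on the banner, the result carries the usual caveats of version-based checks: a modified or hidden Server header yields a miss, and a vendor-backported fix that does not bump the banner yields a false positive. Confirming the finding still requires checking the installed patch level on the host.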
See also :
http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html
Solution :
Upgrade to Oracle Application Server 9i Webcache 9.0.4.0 or later.
Oracle is reported to have addressed these flaws without issuing an
advisory, so contact Oracle support to confirm the fixed patch level.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:N/A:N/I:P/B:N)