Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbAlexander KornbrustEDB-ID:25561
HistoryApr 28, 2005 - 12:00 a.m.

Oracle Application Server 9i Webcache - Arbitrary File Corruption

2005-04-2800:00:00
Alexander Kornbrust
www.exploit-db.com
15

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/13420/info

Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability.

The issue exists becaue dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an absolute path to any target file.

If this URI is followed by a user with sufficient privileges, garbage data is appended to the end of the specified file. 

http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/opt/ORACLE/ias/9.0.2/Apache/Apache/conf/httpd.conf

Related

checkpoint_advisories 1
nvd 1
cve 1
cvelist 1
nessus 1
checkpoint_advisories
checkpoint_advisories
Oracle Application Server 9i Webcache File Corruption (CVE-2005-1382)
2010-03-31 00:00:00
nvd
nvd
CVE-2005-1382
2005-05-03 04:00:00
cve
cve
CVE-2005-1382
2005-05-03 04:00:00
cvelist
cvelist
CVE-2005-1382
2005-05-02 04:00:00
nessus
nessus
Oracle Application Server 9i Webcache < 9.0.4.0 Multiple Vulnerabilities
2005-05-02 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:25561
checkpoint_advisories1nvd1cve1cvelist1nessus1