Oracle Application Server sendmail.jsp Sample Script Arbitrary Mail Relay

2002-01-10T22:24:38
ID OSVDB:16862
Type osvdb
Reporter OSVDB
Modified 2002-01-10T22:24:38

Description

Vulnerability Description

Oracle Application Server contains a flaw that may allow a malicious user to relay arbitrary mail. The issue is due to an error in the "sendmail.jsp" script. The flaw may allow an attacker to send arbitrary emails from the Oracle server or disclose environment variables and other data, resulting in a loss of integrity and confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.

References:

ISS X-Force ID: 8664
CVE-2002-1630
CERT VU: 717827
Bugtraq ID: 6556