Oracle Web Listener Arbitrary Command Execution

2000-03-14T00:00:00
ID OSVDB:264
Type osvdb
Reporter OSVDB
Modified 2000-03-14T00:00:00

Description

Vulnerability Description

This host is running the 'Oracle Web Listener'. Web Listener is a component of the Oracle Application Server. The Web Listener contains a flaw that allows an attacker to execute arbitrary commands on this host. An attacker can use this to gain access to this host.

Technical Description

/ows-bin/perlidlc.bat?&dir
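
Added example (not part of the original OSVDB entry): a log check a defender could run to find requests like the one above in web server access logs. It assumes Common Log Format; the sample log lines, the function names and the inclusion of `.cmd` alongside `.bat` are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def classify(target):
    """Return None, 'batch-request' or 'batch-request-with-separator'."""
    path, _, query = target.partition("?")
    # Normalise before matching: percent-escapes, backslashes, repeated
    # slashes, dot segments and case must not hide the request.
    path = unquote(path).replace("\\", "/")
    path = posixpath.normpath(re.sub(r"/+", "/", path)).lower()
    if not path.startswith("/ows-bin/"):
        return None
    # Assumption: .cmd is treated like .bat (both are Windows batch scripts).
    if not path.endswith((".bat", ".cmd")):
        return None
    # '&' in the query is the shell command separator seen in the advisory.
    if "&" in unquote(query):
        return "batch-request-with-separator"
    return "batch-request"

def scan(lines):
    """Return (line_number, verdict, target) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        verdict = classify(match.group("target"))
        if verdict:
            hits.append((number, verdict, match.group("target")))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Mar/2000:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.44 - - [14/Mar/2000:10:01:07 +0000] "GET /ows-bin/perlidlc.bat?&dir HTTP/1.0" 200 512',
    '192.0.2.44 - - [14/Mar/2000:10:01:09 +0000] "GET /ows-bin/%70erlidlc.BAT?%26dir HTTP/1.0" 200 512',
    '192.0.2.51 - - [14/Mar/2000:10:02:00 +0000] "GET /OWS-BIN/perlidlc.bat HTTP/1.0" 404 0',
    '192.0.2.10 - - [14/Mar/2000:10:03:00 +0000] "GET /docs/ows-bin/readme.bat.txt HTTP/1.0" 200 88',
]

if __name__ == "__main__":
    for number, verdict, target in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {target}")
```

Any hit, with or without the separator, means a batch file is still reachable or being probed under ows-bin, which is what the solution below removes.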

Solution Description

Disable the Oracle Web Listener if it's not required. If it is required, remove any extraneous batch files from the ows-bin CGI-BIN directory.

References:

Snort Signature ID: 1193
Snort Signature ID: 860
Snort Signature ID: 1880
Other Advisory URL: http://www.securiteam.com/windowsntfocus/Oracle_Web_Listener_4_0_x_CGI_vulnerability.html
Generic Informational URL: http://www.whitehats.com/info/IDS220
CVE-2000-0169
Bugtraq ID: 1053