Oracle 9iAS Dynamic Monitoring Services /dms0 Anonymous Access

2002-01-10T00:00:00
ID OSVDB:705
Type osvdb
Reporter David Litchfield(david@ngssoftware.com)
Modified 2002-01-10T00:00:00

Description

Vulnerability Description

Oracle Application Server contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote unauthenticated attacker directly accesses the Apache HTTP server Dynamic Monitoring Services, which will disclose sensitive information about the server, resulting in a loss of confidentiality.

Technical Description

These administrative web pages are rarely used in a production environment, so denying all access to them is acceptable. The following directives should be added to the Apache httpd.conf file to achieve this.

<location /dms0> order allow,deny deny from all </location> <location /dms/DMSDump> order allow,deny deny from all </location> <location /servlet/DMSDump> order allow,deny deny from all </location> <location /servlet/Spy> order allow,deny deny from all </location> <location /soap/servlet/Spy> order allow,deny deny from all </location> <location /dms/AggreSpy> order allow,deny deny from all </location>

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):

Edit httpd.conf to prevent access to the following pages.

Dynamic Monitoring Services http://oracleserver/dms0 http://oracleserver/dms/DMSDump http://oracleserver/servlet/DMSDump http://oracleserver/servlet/Spy http://oracleserver/soap/servlet/Spy http://oracleserver/dms/AggreSpy

Short Description

Oracle Application Server contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote unauthenticated attacker directly accesses the Apache HTTP server Dynamic Monitoring Services, which will disclose sensitive information about the server, resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/dms0

References:

Vendor Specific Advisory URL Snort Signature ID: 1872 Security Tracker: 1009167 Other Advisory URL: http://www.nextgenss.com/papers/hpoas.pdf Nessus Plugin ID:10848 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=101301813117562&w=2 ISS X-Force ID: 8455 CVE-2002-0563 CERT VU: 168795 Bugtraq ID: 4293