873 matches found
CVE-2004-0385
CVE-2004-0385 describes a heap-based buffer overflow in Oracle Application Server Web Cache, affecting 9iAS Web Cache versions 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0. The vulnerability allows remote attackers to execute arbitrary code by sending a long HTTP Request Method header to the We...
Oracle web cache buffer overflow
Heap overflow on invalid HTTP/HTTPS request...
[Full-Disclosure] Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache
InAccess Networks www.inaccessnetworks.com Security Advisory Advisory Name: Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache Release Date: 8 April 2004 Application: Oracle Web Cache - all versions except 9.0.4.0.0 for Windows, AIX & Tru64 which already contain fixes Platform: All...
Oracle Application Server Web Cache <= 9.0.4.0 Multiple Vulnerabilities
The remote host is running Oracle Application Server Web Cache version 9.0.4.0 or older. The installed version is affected by a heap overflow vulnerability. Provided Web Cache is running and configured to listen on Oracle Application Server Web Cache listener port and accept requests...
CVE-2002-2345
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access...
CVE-2002-0386
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data...
Oracle9iAS.dos.pl
hiya ppl, I have made a quick script to demonstrate the Oracle DOS described in @stakes advisory: Oracle9iAS Web Cache Denial of Service please find the perl script pasted below. regards: eip/deadbeat/AnGrYSQl p.s. I did have about 10 submissions but due to...
CVE-2002-0386
The CVE-2002-0386 entry concerns Oracle9iAS Web Cache, specifically the administration module of Oracle Web Cache in Oracle9iAS 9.0.2. The vulnerability allows remote denial of service (crash) via two conditions: (1) an HTTP GET containing a “..” sequence, and (2) a malformed HTTP GET with chunke...
Oracle 9i Application Server 9.0.2 Web Cache Administration Tool - Denial of Service
Oracle 9i Application Server 9.0.2 Web Cache Administration Tool - Denial of Service source: https://www.securityfocus.com/bid/5902/info Oracle 9i Application Server (9iAS) allows remote administration via a web access module. This vulnerability affects Oracle 9iAS running on Microsoft Windows. Whe...
Oracle Application Server Web Cache HTTP Request Overflow
It may be possible to make the Oracle9i application server crash or execute arbitrary code by sending it a specially crafted, overly long URL. (C) Tenable Network Security, Inc. References: Date: Thu, 18 Oct 2001 16:16:20 +0200 From: "andreas junestam" Affiliation: Defcom To:...
Oracle Web Cache Admin Module Multiple GET Request Method DoS
It was possible to kill the web server by requesting '/.' or '/../', or sending an invalid request using chunked content encoding. An attacker may exploit this vulnerability to crash the web server. (C) Tenable Network Security, Inc. Script audit and contributions from Carmichae...
Web Server HTTP User-Agent Header Handling Remote Overflow
It was possible to kill the web server by sending an invalid GET request with a long User-Agent field. A remote attacker may exploit this vulnerability to make the web server crash continually or possibly execute arbitrary code. (C) Tenable Network Security, Inc. Script audit and contributions from...
Oracle Web Cache contains buffer overflow vulnerabilities
Overview The CERT/CC is aware of a report about "several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process. Description The Oracle Web Cac...
CVE-2002-1641
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors...
CVE-2002-0102
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters...
CVE-2002-0103
An installer program for Oracle9iAS Web Cache 2.0.0.x creates executable and configuration files with insecure permissions, which allows local users to gain privileges by (1) running webcached or (2) obtaining the administrator password from webcache.xml...
CVE-2002-0103
CVE-2002-0103 affects Oracle9iAS Web Cache 2.0.0.x. An installer creates executable and configuration files with insecure permissions, enabling local privilege escalation. Impacted scenarios include (1) executing webcached to gain privileges and (2) reading webcache.xml to obtain the administrato...
CVE-2002-0102
CVE-2002-0102 affects Oracle9iAS Web Cache 2.0.0.x. The vulnerability allows a remote attacker to cause a denial of service by sending crafted requests: (1) to TCP ports 1100, 4000, 4001, or 4002 with a large number of null characters; (2) to TCP port 4000 with a large number of '.' characters. Impact per t...