what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Atstake Security Advisory 02-10-28.1

Atstake Security Advisory 02-10-28.1
Posted Oct 29, 2002
Authored by Atstake, Andreas Junestam | Site atstake.com

Atstake Security Advisory a102802-1 - The Oracle9iAS Web Cache contains two denial of service vulnerabilities that can be triggered remotely by sending specially crafted HTTP requests. The denial of service issues, which affect version 9.0.2.0.0 for Windows NT/2000 and XP, result in an immediate crash of the service. Oracle released a security advisory for this vulnerability. This advisory can be found here.

tags | web, denial of service, vulnerability
systems | windows
SHA-256 | a4dd6a957197a9116d53a98c087ac566509792905aae424939563924d019eaa8

Atstake Security Advisory 02-10-28.1

Change Mirror Download

@stake, Inc.
www.atstake.com

Security Advisory


Advisory Name: Oracle9iAS Web Cache Denial of Service
Release Date: 10-28-2002
Application: Oracle9iAS Web Cache 9.0.2.0.0
Platform: Windows NT/2000/XP
Severity: Remote anonymous DoS
Author: Andreas Junestam (andreas@atstake.com)
Vendor Status: Oracle has released a bulletin
CVE Candidate: CAN-2002-0386
Reference: www.atstake.com/research/advisories/2002/a102802-1.txt


Overview:

Oracle Web Cache is a part of the Oracle Application Server suite. The Web
Cache server is designed to be implemented in front of the Oracle Web
server and act as a caching reverse proxy server.

There exists two different denial of service scenarios, which will cause
the Web Cache service to fail. The denial of service conditions can be
exploited by simple HTTP requests to the Web Cache service.


Detailed Description:

There exists two different denial of service situations in Oracle Web Cache
9.0.2.0.0. The first one is triggered by issuing a HTTP GET request
containing at least one dot-dot-slash contained in the URI:

GET /../ HTTP/1.0
Host: whatever
[CRLF]
[CRLF]

The second denial of service is triggered by issuing an malformed GET
request:

GET / HTTP/1.0
Host: whatever
Transfer-Encoding: chunked
[CRLF]
[CRLF]

Both will create an exception and the service will fail.


Vendor Response:

Vendor was first contacted by @stake: 08-28-2002.
Vendor released a bulletin: 10-04-2002

Oracle has released a bulletin describing a solution to this issue.


Recommendation:

Follow the vendor's instructions detailed in the security bulletin for
this issue.

From the Oracle bulletin:

Customers should follow best security practices for protecting the
administration process from unauthorized users and requests. As such,
Oracle strongly encourages customers to take both of the following
protective measures:
1. Use firewall techniques to restrict access to the Web Cache
administration port.
2. Use the "Secure Subnets" feature of the Web Cache Manager tool to
provide access only to administrators connecting from a list of
permitted IP addresses or subnets.
The potential security vulnerability is being tracked internally at
Oracle and will be fixed by default in the 9.0.4 release of Oracle9i
Application Server.

For more information, see:
http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf


Common Vulnerabilities and Exposures (CVE) Information:

CAN-2002-0386 Oracle9iAS Web Cache Denial of Service


@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2002 @stake, Inc. All rights reserved.
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    19 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close