Signature Detail
Short Name |
APP:ORACLE:WEBCACHE-METHOD-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle Web Cache Method Overflow |
Release Date |
2004/04/14 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Oracle Web Cache Method Overflow
This signature detects attempts to exploit a known flaw in the Oracle Application Server Web Cache. A successful attack can lead to arbitrary code execution.
Extended Description
Oracle Application Server Web Cache is prone to a remotely exploitable heap overrun when handling excessive data specified in HTTP Requests. This issue could be triggered through the HTTP or HTTPS ports of the service, which are user-configurable (by default HTTP is 7777/TCP and 4443/TCP is for HTTPS). It has been reported that these ports are normally reconfigured to 80/TCP and 443/TCP for HTTP and HTTPS respectively when making the service remotely accessible. The vulnerability affects all platforms that the software runs on and may be exploited to execute arbitrary code in the context of the server process.
Affected Products
- Oracle Application Server Web Cache 10g 9.0.4 .0
- Oracle Oracle9i Application Server Web Cache 2.0.0 .0.4
- Oracle Oracle9i Application Server Web Cache 9.0.2 .2
- Oracle Oracle9i Application Server Web Cache 9.0.2 .3
- Oracle Oracle9i Application Server Web Cache 9.0.3 .1
References