Oracle Application Server 9i Webcache Arbitrary File Corruption Vulnerability
BID:13420
Info
| Bugtraq ID: | 13420 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-1382 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 28 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Discovery of this issue is credited to Alexander Kornbrust. |
| Vulnerable: | Oracle Oracle9i Application Server Web Cache 9.0.3 .1 |
| | Oracle Oracle9i Application Server Web Cache 9.0.2 .3 |
| | Oracle Oracle9i Application Server Web Cache 9.0.2 .2 |
| | Oracle Oracle9i Application Server Web Cache 2.0 .0.4 |
| | Oracle Oracle9i Application Server Web Cache 2.0 .0.3 |
| | Oracle Oracle9i Application Server Web Cache 2.0 .0.2 NT |
| | Oracle Oracle9i Application Server Web Cache 2.0 .0.2 |
| | Oracle Oracle9i Application Server Web Cache 2.0 .0.1 |
| | Oracle Oracle9i Application Server Web Cache 2.0 .0.0 |
| Not Vulnerable: | |
Discussion
Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability.
The issue exists because dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an absolute path to any target file.
If this URI is followed by a user with sufficient privileges, garbage data is appended to the end of the specified file.
Exploit / POC
The following example is available:
http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/opt/ORACLE/ias/9.0.2/Apache/Apache/conf/httpd.conf
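For defenders, the request shape above can be searched for in web or proxy access logs. The following is an added example, not part of the original advisory: it assumes Combined Log Format, and the function names, the sample log lines and the idea that a bare file name is the benign form of `cache_dump_file` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed layout (Combined Log Format): host ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+'
    r'(?: "(?P<referer>[^"]*)")?')

def check_line(line, admin_host="example.com:4000"):
    """Flag CacheDump requests whose cache_dump_file is absolute or has a '..' segment."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if url.path.rstrip("/").lower() != "/webcacheadmin":
        return None
    # parse_qs percent-decodes, so %2Fopt%2F... is inspected as /opt/...
    qs = {k.lower(): v for k, v in parse_qs(url.query).items()}
    if "cga.cachedump" not in [s.lower() for s in qs.get("screen_id", [])]:
        return None
    for value in qs.get("cache_dump_file", []):
        norm = value.replace("\\", "/")
        absolute = norm.startswith("/") or bool(re.match(r"[A-Za-z]:/", norm))
        if absolute or ".." in norm.split("/"):
            ref_host = urlsplit(m["referer"] or "").netloc
            # The advisory's scenario has a privileged user following a link,
            # so a Referer from another site strengthens the finding.
            return {"client": m["host"], "user": m["user"], "file": value,
                    "cross_site": bool(ref_host) and ref_host != admin_host}
    return None

def scan(lines):
    return [f for f in map(check_line, lines) if f]

BASE = "/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file="
SAMPLE_LOG = [  # constructed sample lines, not captured traffic
    '10.0.0.5 - admin [28/Apr/2005:10:00:00 +0000] "GET ' + BASE +
    '/opt/ORACLE/ias/9.0.2/Apache/Apache/conf/httpd.conf HTTP/1.1" 200 512 '
    '"http://forum.example.net/post/1" "Mozilla/5.0"',
    '10.0.0.6 - admin [28/Apr/2005:10:05:00 +0000] "GET ' + BASE +
    '%2Ftmp%2Fconstructed%2Ftarget.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    # Assumption: a bare file name is the expected, benign form of the value.
    '10.0.0.7 - admin [28/Apr/2005:10:10:00 +0000] "GET ' + BASE +
    'dump1.txt HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The `admin_host` default is taken from the example URL; set it to the real admin listener so that same-site requests are not marked as cross-site.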
Solution / Fix
Solution:
Reports indicate that this issue was silently addressed by the vendor. This is not confirmed. Customers are advised to contact the vendor for further information regarding obtaining and applying an appropriate fix.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Append file vulnerability in Oracle Webcache 9i (Alexander Kornbrust)
- Oracle Homepage (Oracle)