Full Disclosure mailing list archives
File appending vulnerability in Oracle Webcache 9i
From: "Kornbrust, Alexander" <ak () red-database-security com>
Date: Thu, 28 Apr 2005 19:18:50 +0200
Red-Database-Security GmbH Research Advisory Name Append file vulnerability in Oracle Webcache 9i Systems Affected Oracle Webcache Severity Medium Risk Category Corruption of files Vendor URL http://www.oracle.com Author Alexander Kornbrust (ak at red-database-security.com) Date 26 Apr 2005 (V 1.00) Advisory number AKSEC2003-012 Description ########### File appending vulnerability in Oracle Webcache 9i. More details available: ####################### It is possible to append garbage to files of the Oracle Application Server installation. This vulnerability can be combined with CSS. http://www.red-database-security.com/advisory/oracle_webcache_append_fil e_vulnerabilitiy.html Patch Information ################# This issue was fixed silently. Apply the latest patchset for Oracle Application Server. History: ######## 23 September 2003 Oracle secalert was informed 23 September 2003 Bug confirmed 26 April 2005 Advisory released About Red-Database-Security GmbH ################################# Red-Database-Security GmbH is a specialist in Oracle Security. http://www.red-database-security.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- File appending vulnerability in Oracle Webcache 9i Kornbrust, Alexander (Apr 28)