Vulnerability Note VU#291555
Oracle Web Cache contains buffer overflow vulnerabilities
The CERT/CC is aware of a report about "several remotely exploitable buffer overflow vulnerabilities in the Oracle Web Cache Server" that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Web Cache process.
The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web servers. The CERT/CC is aware of a report of several buffer overflow vulnerabilities in the Oracle Web Cache. The report implies that the vulnerabilities exist in the Oracle Web Cache Manager, which is a web-based administration interface for the Oracle Web Cache. Further details about these vulnerabilities are not presently available, as the reporter (NGSSoftware) has intentionally released limited information in accordance with their disclosure policy. NGSSoftware reports that Oracle9iAS v126.96.36.199 for Windows NT/2000 was tested.
An unauthenticated remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. The Oracle Web Cache may run as SYSTEM on Windows NT and Windows 2000 systems.
Apply a Patch
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Oracle||Affected||31 May 2002||18 Jun 2002|
CVSS Metrics (Learn More)
The CERT/CC thanks David Litchfield of NGSSoftware for information used in this document.
This document was written by Art Manion
- CVE IDs: Unknown
- Date Public: 27 May 2002
- Date First Published: 04 Jun 2002
- Date Last Updated: 15 Nov 2002
- Severity Metric: 7.00
- Document Revision: 26
If you have feedback, comments, or additional information about this vulnerability, please send us email.