Vulnerability Note VU#511194
Oracle9i Application Server MOD_ORADAV Module vulnerable to DoS
A remotely exploitable denial-of-service vulnerability exists in the Oracle9i Application Server MOD_ORADAV Module.
Oracle has described this vulnerability as follows:
A potential security vulnerability has been discovered in Oracle9i Application Server. A knowledgeable and malicious user can exploit exposed URLs: 1) http://host:port/dav_public, and 2) http://host:port/dav_portal, and compromise the MOD_ORADAV module that may result in a remote Denial of Service (DoS).
A remote attacker may be able to cause a denial-of-service against the Application Server.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Oracle Corporation||Affected||-||18 Feb 2003|
CVSS Metrics (Learn More)
This vulnerability was discovered by David Litchfield and Mark Litchfield of Next Generation Security Software Ltd. The CERT/CC thanks both Next Generation Security Software Ltd and Oracle for providing information upon which this document is based.
This document was written by Ian A Finlay.
- CVE IDs: Unknown
- Date Public: 11 Feb 2003
- Date First Published: 18 Feb 2003
- Date Last Updated: 19 Feb 2003
- Severity Metric: 13.50
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.