Vulnerability Name: CCN-7309
Published: 2001-10-18
Updated: 2001-10-18
Summary: Oracle9i Application Server is vulnerable to a denial of service caused by a buffer overflow in the Web Cache services. By sending a specially-crafted GET request containing 4000 characters or more in the header to a Web Cache service, a remote attacker can overflow a buffer and cause the process to hang to consume all available CPU resources. The server must be restarted to regain normal functionality.
The default Web Cache services include the "Incoming Web Cache Proxy" port, the "Administrative" port, the "Web XML" invalidation port, and the "Statistics" port.
CVSS v3 Severity: 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS v2 Severity: 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
Vulnerability Consequences: Denial of Service
References:
Source: CCN Type: Defcom Labs Advisory def-2001-30 Oracle9iAS Web Cache/2.0.0.1.0 Multiple DoS and buffer overflow
Source: CCN Type: Oracle MetaLink Web site Welcome to OracleMetaLInk
Source: CCN Type: Oracle Security Alert #18 Oracle9iAS Web Cache Overflow Vulnerability
Source: CCN Type: Oracle Security Alert #27 Vulnerabilities in Oracle9i Application Server Web Cache
Source: CCN Type: CERT Advisory CA-2001-29 Oracle9iAS Web Cache vulnerable to buffer overflow
Source: CCN Type: BID-3765 Oracle Oracle9iAS Web Cache HTTP Header DoS Vulnerability
Source: XF Type: UNKNOWN oracle-appserver-header-dos(7309)
Vulnerable Configuration: Configuration CCN 1: Denotes that component is vulnerable