Vulnerability Name: | CVE-2002-0102 (CCN-7310)
Assigned: | 2001-10-18
Published: | 2001-10-18
Updated: | 2017-12-19
Summary: | Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Denial of Service
References: |
- Source: MITRE Type: CNA CVE-2002-0102
- Source: CCN Type: Defcom Labs Advisory def-2001-30 Oracle9iAS Web Cache/2.0.0.1.0 Multiple DoS and buffer overflow
- Source: CCN Type: Oracle MetaLink Web site Welcome to OracleMetaLink
- Source: CCN Type: Oracle Security Alert #18 Oracle9iAS Web Cache Overflow Vulnerability
- Source: CCN Type: Oracle Security Alert #27 Vulnerabilities in Oracle9i Application Server Web Cache
- Source: CONFIRM Type: Patch, Vendor Advisory http://otn.oracle.com/deploy/security/pdf/webcache2.pdf
- Source: CCN Type: CERT Advisory CA-2001-29 Oracle9iAS Web Cache vulnerable to buffer overflow
- Source: BID Type: UNKNOWN 3760
- Source: CCN Type: BID-3760 Oracle9iAS Web Cache Null Character Denial Of Service Vulnerability
- Source: BID Type: UNKNOWN 3762
- Source: CCN Type: BID-3762 Oracle9iAS Web Cache Multiple Periods Denial Of Service Vulnerability
- Source: XF Type: UNKNOWN oracle-appserver-admin-dos(7310)
- Source: XF Type: UNKNOWN oracle-appserver-null-dos(7765)
Vulnerable Configuration: | Configuration 1: Configuration CCN 1:
Vulnerability Name: | CVE-2002-0102 (CCN-7765)
Assigned: | 2001-12-28
Published: | 2001-12-28
Updated: | 2001-12-28
Summary: | Oracle9i Application Server is vulnerable to a denial of service attack, caused by a vulnerability in the Web Cache services. A remote attacker can send specially-crafted GET requests containing NULL characters to the default Web Cache services ports to cause the process to hang and consume all available CPU resources. The server must be restarted to regain normal functionality.
The default Web Cache services include the "Incoming Web Cache Proxy" port, the "Administrative" port, the "Web XML" invalidation port, and the "Statistics" port.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Consequences: | Denial of Service
References: |
- Source: MITRE Type: CNA CVE-2002-0102
- Source: CCN Type: Oracle Security Alert #27 Vulnerabilities in Oracle9i Application Server Web Cache
- Source: CCN Type: BID-3760 Oracle9iAS Web Cache Null Character Denial Of Service Vulnerability
- Source: CCN Type: BID-3762 Oracle9iAS Web Cache Multiple Periods Denial Of Service Vulnerability
- Source: XF Type: UNKNOWN oracle-appserver-null-dos(7765)
Vulnerable Configuration: | Configuration CCN 1: