Alexander Kornbrust has reported two vulnerabilities in Oracle9iAS Web Cache and Oracle Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks, manipulate data, and bypass certain security restrictions.
1) Input passed to the "cache_dump_file" and "PartialPageErrorPage" parameters in "webcacheadmin" on port 4000 is not properly sanitized before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. This can further be exploited to write garbage to arbitrary files via the "cache_dump_file" parameter.
2) Restricted URLs on the Oracle Application Server (port 7779) can be accessed via the Web Cache on port 7778.
The vulnerabilities have been reported on a system with Oracle Application Server and Oracle9iAS Web Cache.
SOFTWARE: Oracle Application Server 10g
Oracle9i Application Server
Oracle9iAS Web Cache
SOLUTION: The vendor has reportedly fixed the vulnerabilities silently. Ensure that the latest patches have been installed.
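One way to review Web Cache admin access logs for requests that touch the two parameters named in item 1 is sketched below. This is an added example, not part of the original advisory or vendor code; the combined log format, the `/webcacheadmin` path shape, the `view` parameter and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameters named in item 1 of the advisory.
WATCHED_PARAMS = ("cache_dump_file", "PartialPageErrorPage")
MARKUP = re.compile(r"[<>\"']")
# Assumption: combined-format access log with the request line in quotes.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2005:10:00:00 +0000] "GET /webcacheadmin?view=status HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/May/2005:10:01:00 +0000] "GET /webcacheadmin?PartialPageErrorPage=%3Cb%3Etest%3C/b%3E HTTP/1.0" 200 734',
    '192.0.2.12 - - [01/May/2005:10:02:00 +0000] "GET /webcacheadmin?cache_dump_file=%2Ftmp%2Fconstructed-example HTTP/1.0" 200 301',
    '192.0.2.13 - - [01/May/2005:10:03:00 +0000] "GET /webcacheadmin?cache_dump_file=%253Cb%253E HTTP/1.0" 200 301',
]


def findings(line):
    """Return (parameter, reason) pairs for one access-log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if "webcacheadmin" not in url.path:
        return []
    query = parse_qs(url.query, keep_blank_values=True)
    out = []
    for name in WATCHED_PARAMS:
        for raw in query.get(name, []):
            # parse_qs decodes once; decode again to catch double encoding.
            value = unquote(raw)
            if MARKUP.search(value):
                out.append((name, "markup characters"))
            # Assumption: a caller-supplied dump file with a directory
            # component deserves review, given the file-write issue.
            if name == "cache_dump_file" and re.search(r"[/\\]|\.\.", value):
                out.append((name, "path component"))
    return out


def scan(lines):
    """Return (line number, finding) pairs for every flagged line."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in findings(line)]


if __name__ == "__main__":
    for lineno, (param, reason) in scan(SAMPLE_LOG):
        print(f"line {lineno}: {param}: {reason}")
```
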
PROVIDED AND/OR DISCOVERED BY: Alexander Kornbrust
ORIGINAL ADVISORY: http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html
http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
http://www.red-database-security.com/advisory/oracle_webcache_bypass.html
VERIFY ADVISORY: http://secunia.com/advisories/15143/