From: Steve (steve securesolutions.org)
Date: Wed Oct 24 2001 - 15:23:14 CDT
Reference Date: October 18, 2001
Security Alert #18
Oracle9iAS Web Cache Overflow Vulnerability
Overview
A potential security vulnerability has been discovered in Oracle9iAS Web
Cache 2.0.0.1. This vulnerability enables an attacker to mount a
denial-of-service attack using an oversized HTTP GET request. On some
platforms there is an additional vulnerability that may allow remote
execution of arbitrary code.
Products
Oracle9iAS Web Cache 2.0.0.1
Platforms
All
Patch Solution
Oracle has comprehensively fixed this security vulnerability in the
2.0.0.2 release of Oracle9iAS Web Cache. Supported customers may
download the release for your platform from Oracle's Worldwide Support
web site, Metalink, http://metalink.oracle.com. Press the "Patches"
button to get to the patches web page. Enter the platform and
corresponding patch number from the table below, and press "Submit."
Platform                      Patch Number
MS Windows NT/2000 Server     2044682
Sun SPARC Solaris             2042106
HP-UX                         2043908
Linux                         2043924
Compaq Tru64 UNIX             2043921
AIX                           2043917
Alternatively, this release may be downloaded for evaluation on Windows
NT, Solaris, HP, and Linux from the Oracle Technology Network,
http://otn.oracle.com/software/content.html.
Credits
Oracle would like to thank George Hedfors and Andreas Junestam of Defcom
Security for promptly bringing this potential security vulnerability to
Oracle's attention.