Article

Oracle Web Cache exhibits multiple remote vulnerabilities

Edmund X. DeJesus, Contributing Writer

Oracle recommends immediate patching to fix multiple vulnerabilities in the Oracle Web Cache. Oracle declined to provide details, but failure to fix the problems could allow malicious remote exploitation.

Oracle is warning users that Oracle Web Cache contains multiple vulnerabilities, due to errors in handling client requests. Web Cache must be running and listening on the Oracle Application Server Web Cache listener port for any client request for the remote exploit to work. The type of origin Web server (for example, Oracle HTTP Server or Apache) doesn't matter. However, it isn't possible to exploit the vulnerabilities if the client request bypasses Web Cache and is sent directly to the origin Web server. Oracle notes that typical default installations of Oracle Application Server include Web Cache. Web Cache may also be installed as a stand alone.

    Requires Free Membership to View

For more information

Click here for the Oracle advisory (.pdf format).

Or click here for patches.

The vulnerability affects Oracle Application Server Web Cache 10g version 9.0.4.0.0, Oracle9iAS Web Cache version 9.0.3.1.0, Oracle9iAS Web Cache version 9.0.2.3.0, Oracle9iAS Web Cache version 2.0.0.4.0, and E-Business Suite 11i using Oracle iStore 11i (11i.IBE.O and later) with Oracle Web Cache version 9.0.2.2. Note that Oracle9iAS Web Cache version 2.0.0.4.0 is also part of Oracle9iAS Release 1 version 1.0.2.2.0. The problem occurs on all supported platforms, including Sun Solaris, HP/UX, HP Tru64, IBM AIX, Linux and Windows. Oracle Application Server Web Cache 10g version 9.0.4.0.0 on Windows, Tru64, and AIX isn't vulnerable.

Oracle warns that risk to exposure is high and firewalls don't protect against these vulnerabilities. There is no workaround to this problem. Oracle suggests restricting or carefully monitoring access to Web Cache until patches can be applied.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: