Oracle Web Cache exhibits multiple remote vulnerabilities

Oracle recommends immediately patching to fix multiple high-risk vulnerabilities in the Oracle Web Cache that impacts all platforms.

Oracle recommends immediate patching to fix multiple vulnerabilities in the Oracle Web Cache. Oracle declined to provide details, but failure to fix the problems could allow malicious remote exploitation.

Oracle is warning users that Oracle Web Cache contains multiple vulnerabilities, due to errors in handling client requests. Web Cache must be running and listening on the Oracle Application Server Web Cache listener port for any client request for the remote exploit to work. The type of origin Web server (for example, Oracle HTTP Server or Apache) doesn't matter. However, it isn't possible to exploit the vulnerabilities if the client request bypasses Web Cache and is sent directly to the origin Web server. Oracle notes that typical default installations of Oracle Application Server include Web Cache. Web Cache may also be installed as a stand alone.

For more information

Click here for the Oracle advisory (.pdf format).

Or click here for patches.

The vulnerability affects Oracle Application Server Web Cache 10g version 9.0.4.0.0, Oracle9iAS Web Cache version 9.0.3.1.0, Oracle9iAS Web Cache version 9.0.2.3.0, Oracle9iAS Web Cache version 2.0.0.4.0, and E-Business Suite 11i using Oracle iStore 11i (11i.IBE.O and later) with Oracle Web Cache version 9.0.2.2. Note that Oracle9iAS Web Cache version 2.0.0.4.0 is also part of Oracle9iAS Release 1 version 1.0.2.2.0. The problem occurs on all supported platforms, including Sun Solaris, HP/UX, HP Tru64, IBM AIX, Linux and Windows. Oracle Application Server Web Cache 10g version 9.0.4.0.0 on Windows, Tru64, and AIX isn't vulnerable.

Oracle warns that risk to exposure is high and firewalls don't protect against these vulnerabilities. There is no workaround to this problem. Oracle suggests restricting or carefully monitoring access to Web Cache until patches can be applied.

Dig deeper on Web Server Threats and Countermeasures

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close