News Stay informed about the latest enterprise technology news and product updates.

Oracle Web Cache exhibits multiple remote vulnerabilities

Oracle recommends immediately patching to fix multiple high-risk vulnerabilities in the Oracle Web Cache that impacts all platforms.

Oracle recommends immediate patching to fix multiple vulnerabilities in the Oracle Web Cache. Oracle declined to...

provide details, but failure to fix the problems could allow malicious remote exploitation.

Oracle is warning users that Oracle Web Cache contains multiple vulnerabilities, due to errors in handling client requests. Web Cache must be running and listening on the Oracle Application Server Web Cache listener port for any client request for the remote exploit to work. The type of origin Web server (for example, Oracle HTTP Server or Apache) doesn't matter. However, it isn't possible to exploit the vulnerabilities if the client request bypasses Web Cache and is sent directly to the origin Web server. Oracle notes that typical default installations of Oracle Application Server include Web Cache. Web Cache may also be installed as a stand alone.

For more information

Click here for the Oracle advisory (.pdf format).

Or click here for patches.

The vulnerability affects Oracle Application Server Web Cache 10g version, Oracle9iAS Web Cache version, Oracle9iAS Web Cache version, Oracle9iAS Web Cache version, and E-Business Suite 11i using Oracle iStore 11i (11i.IBE.O and later) with Oracle Web Cache version Note that Oracle9iAS Web Cache version is also part of Oracle9iAS Release 1 version The problem occurs on all supported platforms, including Sun Solaris, HP/UX, HP Tru64, IBM AIX, Linux and Windows. Oracle Application Server Web Cache 10g version on Windows, Tru64, and AIX isn't vulnerable.

Oracle warns that risk to exposure is high and firewalls don't protect against these vulnerabilities. There is no workaround to this problem. Oracle suggests restricting or carefully monitoring access to Web Cache until patches can be applied.

Dig Deeper on Web Server Threats and Countermeasures

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.