Short Name |
DB:ORACLE:EXP-APP-WEBCACHE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle Application Server Web Cache |
Release Date |
2005/06/01 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against the Oracle Application Server Web Cache. A successful attack can lead to overwrite arbitrary files on the server.
Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability. The issue exists becaue dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an absolute path to any target file. If this URI is followed by a user with sufficient privileges, garbage data is appended to the end of the specified file.