header-logo
Suggest Exploit
vendor:
Oracle HTTP Server
by:
Unknown
5.5
CVSS
MEDIUM
Access Control Vulnerability
CWE
Product Name: Oracle HTTP Server
Affected Version From: Oracle9i Application Server
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2003

Vulnerability in mod_oradav module for Oracle HTTP Server

The mod_oradav module for Oracle HTTP Server included in Oracle9i Application Server is prone to a vulnerability. This is related to access controls on the '/dav_public' and '/dav_portal' directories, allowing a malicious user to fill up the directory. It is not known if this could have other security impacts.

Mitigation:

This issue was mentioned in the patch readme for the Oracle Critical Patch Update for July. This issue was also addressed by Oracle Security Alert #52, dated Feb 13, 2003.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14274/info

The mod_oradav module for Oracle HTTP Server included in Oracle9i Application Server is prone to a vulnerability. This is related to access controls on the '/dav_public' and '/dav_portal' directories, allowing a malicious user to fill up the directory. It is not known if this could have other security impacts.

This issue was mentioned in the patch readme for the Oracle Critical Patch Update for July. This issue was also addressed by Oracle Security Alert #52, dated Feb 13, 2003. 

http://www.example.com/dav_public
http://www.example.com/dav_portal

Navigation

Suggest Exploit

Services By CQR