header-logo
Suggest Exploit
vendor:
Oracle 9i Application Server (9iAS)
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Administration Vulnerability
20
CWE
Product Name: Oracle 9i Application Server (9iAS)
Affected Version From: Oracle 9iAS
Affected Version To: Oracle 9iAS
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2002

Oracle 9i Application Server (9iAS) Remote Administration Vulnerability

Oracle 9i Application Server (9iAS) allows remote administration via a web access module. When a custom request is sent to the Web Administration module, the module may react unpredictably. By sending a malicious custom request to the module, it is possible to cause the administration server to crash. A manual restart of the server is required to resume service.

Mitigation:

Restrict access to the web administration module and ensure that all requests are properly validated.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5902/info

Oracle 9i Application Server (9iAS) allows remote administration via a web access module. This vulnerability affects Oracle 9iAS running on Microsoft Windows.

When a custom request is sent to the Web Administration module, the module may react unpredictably. By sending a malicious custom request to the module, it is possible to cause the administration server to crash. A manual restart of the server is required to resume service.

GET /../ HTTP/1.1
host: hostname
<ENTER>
<ENTER>

GET /example.html/ HTTP/1.1
host: host name
Transfer-Encoding: chunked
<ENTER>
<ENTER>

Navigation

Suggest Exploit

Services By CQR