Overview
A remotely exploitable denial-of-service vulnerability exists in the Oracle9i Application Server MOD_ORADAV Module.
Description
Oracle has described this vulnerability as follows: A potential security vulnerability has been discovered in Oracle9i Application Server. A knowledgeable and malicious user can exploit exposed URLs: 1) http://host:port/dav_public, and 2) http://host:port/dav_portal, and compromise the MOD_ORADAV module that may result in a remote Denial of Service (DoS).
Impact
A remote attacker may be able to cause a denial-of-service against the Application Server.
Solution
Oracle has published Oracle Security Alert #52 regarding this issue. Patches do not yet exist for all platforms. Please refer to Oracle Security Alert #52 for a detailed patch matrix.
Acknowledgements
This vulnerability was discovered by David Litchfield and Mark Litchfield of Next Generation Security Software Ltd. The CERT/CC thanks both Next Generation Security Software Ltd and Oracle for providing information upon which this document is based.
This document was written by Ian A Finlay.
Other Information
| CVE IDs: | None | 
| Severity Metric: | 13.50 | 
| Date Public: | 2003-02-11 | 
| Date First Published: | 2003-02-18 | 
| Date Last Updated: | 2003-02-19 15:46 UTC | 
| Document Revision: | 7 |