CVE-2002-0559

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Oracle

First reported 22 years ago

2002-07-03 04:00:00

Last updated 7 years ago

2017-12-19 02:29:00

Affected Software

Oracle Application Server 9i 1.0.2

1.0.2

Oracle Oracle9iAS Web Cache 2.0.0.0

2.0.0.0

Oracle Oracle9iAS Web Cache 2.0.0.1

2.0.0.1

Oracle Oracle9iAS Web Cache 2.0.0.2

2.0.0.2

Oracle Oracle9iAS Web Cache 2.0.0.3

2.0.0.3

References

20020206 Multiple Buffer Overflows in Oracle 9iAS

Patch, Vendor Advisory

http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf

http://www.nextgenss.com/papers/hpoas.pdf

4032

Patch, Vendor Advisory

oracle-appserver-plsql-bo(8095)

oracle-appserver-plsql-authclient-bo(8096)

oracle-appserver-plsql-cache-bo(8097)

oracle-appserver-plsql-adddad-bo(8098)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.