CVE-2005-1383

Severity

75%

Complexity

99%

Confidentiality

106%

The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.

The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Oracle Oracle10g Application Server

First reported 19 years ago

2005-05-03 04:00:00

Last updated 7 years ago

2017-07-11 01:32:00

Affected Software

Oracle Oracle10g Application Server 10.1.0.2

10.1.0.2

Oracle Oracle10g Application Server 10.1.0.3

10.1.0.3

Oracle Oracle10g Application Server 10.1.0.3.1

10.1.0.3.1

Oracle Oracle10g Application Server 10.1.2

10.1.2

References

20050428 Webcache Client Requests Bypass OHS mod_access Restrictions

15143

15908

Exploit, Patch

http://www.red-database-security.com/advisory/oracle_webcache_bypass.html

Exploit, Patch

13418

Exploit, Patch

oracle9ias-application-cache-url-bypass(20311)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.