CERTA-2003-AVI-024
Vulnerability from certfr_avis


Description

Two vulnerabilities allow denial of service to be caused using maliciously crafted URLs.

Temporary workaround

The first vulnerability can be corrected by changing the DAV variable in the moddav.conf file (located in the ORACLE_HOME/Apache/oradav/conf directory):

replace DAV on with DAV off.

Solution

Apply the patches available on Oracle's website, according to version and platform, to fix these vulnerabilities (see Documentation).

The first vulnerability affects version 9.0.2 of Oracle9i Application Server; the second vulnerability also affects version 9.0.3.

Impacted products
Vendor Product Description
References
Oracle alert bulletin #52 (vendor-advisory)



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eUne premi\u00e8re vuln\u00e9rabilit\u00e9 affecte la version  \u003cCODE\u003e9.0.2\u003c/CODE\u003e d\u0027Oracle9i Application Server, la seconde  vuln\u00e9rabilit\u00e9 concerne \u00e9galement la version  \u003cCODE\u003e9.0.3\u003c/CODE\u003e.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s permettent d\u0027effectuer des d\u00e9nis de service \u00e0 l\u0027aide\nd\u0027URLs malicieusement construites.\n\n## Contournement provisoire\n\nLa premi\u00e8re vuln\u00e9rabilit\u00e9 peut \u00eatre corrig\u00e9e en modifiant la variable\n`DAV` du fichier `moddav.conf` (situ\u00e9 dans le r\u00e9pertoire\n`ORACLE\\_HOME/Apache/oradav/conf`) :\n\nremplacer `DAV on` par `DAV off`.\n\n## Solution\n\nAppliquer les correctifs disponibles sur le site d\u0027Oracle suivant les\nversions et les plates-formes afin de corriger ces vuln\u00e9rabilit\u00e9s (cf.\nDocumentation).\n",
  "cves": [],
  "initial_release_date": "2003-02-17T00:00:00",
  "last_revision_date": "2003-02-17T00:00:00",
  "links": [],
  "reference": "CERTA-2003-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-02-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9s dans Oracle9i Application Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin d\u0027alerte #52 d\u0027Oracle",
      "url": "http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf"
    }
  ]
}

