CVE-2005-1382
CVSS5.0
发布时间 :2005-05-03 00:00:00
修订时间 :2016-10-17 23:19:39
NMCOS    

[原文]The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.


[CNNVD]Oracle Application Server 9i Webcache任意文件破坏漏洞(CNNVD-200505-854)

        Oracle应用服务器是一个综合解决方案,用于开发、集成和部署企业的应用系统、门户和网站。
        Oracle Application Server 9i Webcache中存在任意文件破坏漏洞,起因是没有删除某些参数值中的危险字符,这样攻击者就可以创建包含有到任意目标文件绝对路径的URI。如果有足够权限的用户跟随了这个URI的话,就可能在指定的文件后附加垃圾数据。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1382
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1382
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-854
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=111472615519295&w=2
(UNKNOWN)  BUGTRAQ  20050428 File appending vulnerability in Oracle Webcache 9i
http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
(VENDOR_ADVISORY)  MISC  http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
http://www.securityfocus.com/bid/13420
(VENDOR_ADVISORY)  BID  13420
http://xforce.iss.net/xforce/xfdb/20310
(VENDOR_ADVISORY)  XF  oracle9ias-application-cache-file-corruption(20310)

- 漏洞信息

Oracle Application Server 9i Webcache任意文件破坏漏洞
中危 输入验证
2005-05-03 00:00:00 2005-10-20 00:00:00
远程  
        Oracle应用服务器是一个综合解决方案,用于开发、集成和部署企业的应用系统、门户和网站。
        Oracle Application Server 9i Webcache中存在任意文件破坏漏洞,起因是没有删除某些参数值中的危险字符,这样攻击者就可以创建包含有到任意目标文件绝对路径的URI。如果有足够权限的用户跟随了这个URI的话,就可能在指定的文件后附加垃圾数据。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://www.oracle.com/ip/deploy/ias/

- 漏洞信息

15909
Oracle webcacheadmin Arbitrary File Corruption
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- 漏洞描述

The webcacheadmin module in Oracle Application Server Web Cache contains a flaw which allows appending arbitrary data to the end of files that may allow a remote attacker to corrupt files. No further details have been provided.

- 时间线

2005-04-26 2003-09-23
2005-04-26 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Oracle Application Server 9i Webcache Arbitrary File Corruption Vulnerability
Input Validation Error 13420
Yes No
2005-04-28 12:00:00 2009-07-12 02:06:00
Discovery of this issue is credited to Alexander Kornbrust.

- 受影响的程序版本

Oracle Oracle9i Application Server Web Cache 9.0.3 .1
Oracle Oracle9i Application Server Web Cache 9.0.2 .3
Oracle Oracle9i Application Server Web Cache 9.0.2 .2
+ Oracle iStore 11i 11i.IBE.O
Oracle Oracle9i Application Server Web Cache 2.0 .0.4
+ Oracle Oracle9i Application Server 1.0.2 .2
Oracle Oracle9i Application Server Web Cache 2.0 .0.3
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.2 NT
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.2
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.1
- Oracle Oracle9i Application Server
Oracle Oracle9i Application Server Web Cache 2.0 .0.0
- Oracle Oracle9i Application Server

- 漏洞讨论

Oracle Application Server 9i Webcache is prone to an arbitrary file corruption vulnerability.

The issue exists becaue dangerous characters are not removed from a certain parameter value, allowing an attacker to construct a URI that contains an absolute path to any target file.

If this URI is followed by a user with sufficient privileges, garbage data is appended to the end of the specified file.

- 漏洞利用

The following example is available:
http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/opt/ORACLE/ias/9.0.2/Apache/Apache/conf/httpd.conf

- 解决方案

Reports indicate that this issue was silently addressed by the vendor. This is not confirmed. Customers are advised to contact the vendor for further information regarding obtaining and applying an appropriate fix.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站