Saturday, May 15, 2021

DoS Bug Found in Oracle9i App Server

Security consultants @stake has
detected a potential vulnerability in the Oracle9i Application Server that
could lead to Denial of Service (DoS) scenarios.

In a security
, @stake said the potential bug was discovered in the Oracle9iAS
Web Cache admin module running on Windows. It said two different denial of
service situations could be triggered by issuing a HTTP
GET request containing at least one dot-dot-slash contained in the URI.

A second denial of service is triggered by issuing a malformed GET request,
@stake said, warning that both scenarios would create an exception and the
service will fail.

Oracle Web Cache is part of the company’s Application Server suite. It is
designed to be implemented in front of the Oracle Web server and act as a
caching reverse proxy server.

Oracle confirmed the potential security risk in a bulletin and urged users to “use firewall techniques to restrict access to the
Web Cache administration port.”

Customers were also encouraged to use the “Secure Subnets” feature of the
Web Cache Manager tool to provide access only to administrators connecting
from a list of permitted IP addresses or subnets.

“The potential security vulnerability is being tracked internally at Oracle
and will be fixed by default in the 9.0.4 release of Oracle9i Application
Server,” the company said.

Similar articles

Latest Articles

How IBM has Changed...

Think is IBM’s big annual conference, and again this year, it was digital. I’m noticing a sharp quality difference in shows like this where...

Database-Tuning Platform Launches and...

PITTSBURGH — A team out of Carnegie Mellon University is launching its automatic database-tuning product today with the help of $2.5 million in funding.   OtterTune,...

Top 10 Professional Services...

Professional services automation (PSA) software aims to offer service-based companies most of the software they will need to run their businesses in one package....

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...