Oracle9iAS Web Cache Overflow VulnerabilityFrom: Oracle Security Alerts (firstname.lastname@example.org)
- Previous message: Stanley G. Bubrouski: "Re: Sun Security Bulletin #00208"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3BD71F4C.4360AEA7@oracle.com> Date: Wed, 24 Oct 2001 13:06:36 -0700 From: Oracle Security Alerts <email@example.com> To: firstname.lastname@example.org Subject: Oracle9iAS Web Cache Overflow Vulnerability
Reference Date: October 18, 2001
Security Alert #18
Oracle9iAS Web Cache Overflow Vulnerability
A potential security vulnerability has been discovered in Oracle9iAS Web
Cache 18.104.22.168. This vulnerability enables an attacker to mount a
denial-of-service attack using an oversized HTTP GET request. On some
platforms there is an additional vulnerability that may allow remote
execution of arbitrary code.
Oracle9iAS Web Cache 22.214.171.124
Oracle has comprehensively fixed this security vulnerability in the
126.96.36.199 release of Oracle9iAS Web Cache.
Supported customers may download the release for your platform from
Oracle's Worldwide Support web site, Metalink,
http://metalink.oracle.com. Press the "Patches" button to get to the
patches web page. Enter the platform and corresponding patch number from
the table below, and press "Submit."
Platform Patch Number
MS Windows NT/2000 Server - 2044682
Sun SPARC Solaris - 2042106
HP-UX - 2043908
Linux - 2043924
Compaq Tru64 UNIX - 2043921
AIX - 2043917
Alternatively, this release may be downloaded for evaluation on Windows
NT, Solaris, HP, and Linux from the Oracle Technology Network,
Oracle would like to thank George Hedfors and Andreas Junestam of Defcom
Security for promptly bringing this potential security vulnerability to