Implications of Apache vuln for Oracle

From: Tina Bird (tbird@precision-guesswork.com)
Date: 06/19/02


Date: Wed, 19 Jun 2002 21:57:53 +0000 (GMT)
From: Tina Bird <tbird@precision-guesswork.com>
To: bugtraq@securityfocus.com

Hi all --

Oracle is conspicuously absent from the list of vendors in CERT's Apache
advisory:

http://www.cert.org/advisories/CA-2002-17.html

especially since the bugs were discovered during Oracle testing. Anyone
have an update on Oracle Application Server for the chunked encoding
issue?

thanks very much -- Tina Bird

"The road of excess leads to the palace of wisdom."
                                  Jade Blue Eclipse

http://www.shmoo.com/~tbird
Log Analysis http://www.counterpane.com/log-analysis.html
VPN http://vpn.shmoo.com