Implications of Apache vuln for Oracle

From: Tina Bird (tbird@precision-guesswork.com)
Date: 06/19/02


Date: Wed, 19 Jun 2002 21:57:53 +0000 (GMT)
From: Tina Bird <tbird@precision-guesswork.com>
To: bugtraq@securityfocus.com

Hi all --

Oracle is conspicuously absent from the list of vendors in CERT's Apache
advisory:

http://www.cert.org/advisories/CA-2002-17.html

especially since the bugs were discovered during Oracle testing. Anyone
have an update on Oracle Application Server for the chunked encoding
issue?

thanks very much -- Tina Bird

"The road of excess leads to the palace of wisdom."
                                  Jade Blue Eclipse

http://www.shmoo.com/~tbird
Log Analysis http://www.counterpane.com/log-analysis.html
VPN http://vpn.shmoo.com



Relevant Pages

  • Inguma version 0.0.7.2 released
    ... new modules and exploits, fixed many, many, many bugs as well as ... enhancing existing modules, such as the Oracle related stuff. ... I'm releasing 5 new Oracle ...
    (Pen-Test)
  • [Full-disclosure] Inguma version 0.0.7.2 released
    ... new modules and exploits, fixed many, many, many bugs as well as ... enhancing existing modules, such as the Oracle related stuff. ... I'm releasing 5 new Oracle ...
    (Full-Disclosure)
  • Re: Policy on Oracle Versions and Patches
    ... Application vendor didn't provide any recommendation regarding ... test, test, find bugs, report them to the vendor, to Oracle, and get ... and not go live until all the bugs are fixed. ... Oracle's patch dates, or better yet become Oracle's beta test site. ...
    (comp.databases.oracle.server)
  • Re: SERVICE_CLASS parameter is SID_DISC in listener.ora
    ... I would strongly urge you to have your attorney read your Oracle ... prohibition of RE in a license agreement is waived. ... Some countries allow murder too as long as you kill the "right" people. ... being afraid of legal actions against them and all security bugs ...
    (comp.databases.oracle.server)
  • Re: Policy on Oracle Versions and Patches
    ... test, test, find bugs, report them to the vendor, to Oracle, and get ... and not go live until all the bugs are fixed. ... Oracle's patch dates, or better yet become Oracle's beta test site. ... The trick is to avoid using newly introduced features without ...
    (comp.databases.oracle.server)