pen-testing an Oracle9i Application Server
From: fotos@softhome.net Date: 06/26/02
From: fotos@softhome.net To: Pen-Test <PEN-TEST@SECURITYFOCUS.COM> Date: Wed, 26 Jun 2002 14:09:10 -0600
In a pen-test of an Oracle Application Server
based on Apache HTTP Server, I have seen many vulnerabilities:
mod_ssl/2.8.x affected by Apache mod_ssl/Apache-SSL Buffer Overflow
Vulnerability (no public exploit available)
/soap/servlet/soaprouter affected by Oracle 9iAS SOAP components allow
anonymous users to deploy applications by default.
pls/updown/cntsample.startup for uploading and downloading files from server,
but it does not work.
.....
And probably too affected by these vulnerabilities:
VU#500203 - Oracle9i Application Server Apache PL/SQL module vulnerable to
buffer overflow via help page request
VU#313280 - Oracle9i Application Server Apache PL/SQL module vulnerable to
buffer overflow via HTTP Location header
VU#750299 - Oracle9i Application Server Apache PL/SQL module vulnerable to
buffer overflow via HTTP request
VU#878603 - Oracle9i Application Server Apache PL/SQL module vulnerable to
buffer overflow via HTTP Authorization header
VU#659043 - Oracle9i Application Server Apache PL/SQL module vulnerable to
buffer overflow via Database Access Descriptor password
VU#923395 - Oracle9i Application Server Apache PL/SQL module vulnerable to
buffer overflow via cache directory name
VU#180147 - Oracle 9i Database Server PL/SQL module allows remote command
execution without authentication
I have tried the PDF file "hacking proof oracle application server", obtaining
much information,
but I can't find any exploit for these vulnerabilities to gain remote
access.
Running over Solaris and Windows
Any ideas or sources?
Sincerely, Peter.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/