Published: 03/05/2005 Updated: 11/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The OHS component 1.0.2 up to and including 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote malicious users to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle application server 10.1.0.2
oracle application server 10.1.0.3
oracle application server 10.1.0.3.1
oracle application server 10.1.2

source: wwwsecurityfocuscom/bid/13418/info Oracle HTTP Server(OHS) of Oracle Application Server is prone to an access restriction bypass vulnerability It is possible to configure a list of forbidden URIs in OHS This is accomplished using 'mod_access' A URI that is listed is not supposed to be accessible to certain clients, depending o ...

NVD-CWE-Other http://www.red-database-security.com/advisory/oracle_webcache_bypass.html http://www.securityfocus.com/bid/13418 http://www.osvdb.org/15908 http://secunia.com/advisories/15143 http://marc.info/?l=bugtraq&m=111472266123952&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/20311 https://nvd.nist.gov https://www.exploit-db.com/exploits/25559/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2005-1383

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect