[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Webcache Client Requests Bypass OHS mod_access Restrictions
From:       Alexander Kornbrust <ak () red-database-security ! com>
Date:       2005-04-28 17:23:36
Message-ID: 20050428172336.16058.qmail () www ! securityfocus ! com
[Download RAW message or body]



Red-Database-Security GmbH Research Advisory 


Name               Webcache Client Requests Bypass OHS mod_access Restrictions
Systems Affected   Oracle HTTP Server
Severity           Medium Risk
Category           Bypass protected URLs via Webcache
Vendor URL         http://www.oracle.com
Author             Alexander Kornbrust (ak at red-database-security.com)
Date               26 Apr 2005  (V 1.00)
Advisory number    AKSEC2003-015


Description
###########
Without the parameter "UseWebcacheIP ON" it is possible to bypass Oracle HTTP Server 
mod_access restrictions.



More details available:
#######################

http://www.red-database-security.com/advisory/oracle_webcache_bypass.html




Patch Information
#################
Add the new parameter "UseWebCacheIP ON"  to the httpd.conf



History:
########
01 October 2003	Oracle secalert was informed 
23 October 2003	Bug confirmed
26 April 2005 	Advisory released




About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security. 


http://www.red-database-security.com
[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic