Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Oracle :: va2372.htm

Oracle Containers For Java Directory Traversal



Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server
Oracle Containers For Java Directory Traversal (OC4J) Oracle Application Server 10g (10.1.3.1.0) Oracle HTTP Server



Server Version Info: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
PoC: http://OC4J/web-app/foobar/%c0%ae%c0%ae/WEB-INF/web.xml 
Related: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 
Explaination: The "%c0%ae%c0%ae" is interpreted as: ".." because on
Java's side: "%c0%ae" is interpreted as: "\uC0AE" that get's casted to
an ASCII-LOW char, that is: ".".

You can read dangerous configuration information including passwords,
users, paths, etc..
Discovered: 8/16/08
Vendor contacted: 8/16/08
Vendor response: 8/18/08
Vendor reproduced the issue: 9/10/08
Vendor last contact: 9/30/08
Public Disclosure: 1/19/09

Oracle security bug id: 7391479

For more information contact Oracle Security Team: secalert_us@oracle.com 

I really wanted to give a link to a patch, but I think it's better if
this is known by sysadmins so they can filter this using an IDS.

Greetings!!

-- Eduardo
http://www.sirdarckcat.net/ 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH