PT-2002-1444 · Oracle · Oracle9Ias+1

Published: 2002-10-29 · Updated: 2008-09-10 · CVE-2002-0386

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Oracle9iAS (9i Application Suite) version 9.0.2

Description

The issue affects the administration module for Oracle Web Cache, allowing remote attackers to cause a denial of service (crash) through specific HTTP requests. This can be achieved by sending either an HTTP GET request containing a ".." (dot dot) sequence or a malformed HTTP GET request with a chunked Transfer-Encoding that has missing data.

Recommendations

For Oracle9iAS (9i Application Suite) version 9.0.2, consider restricting access to the administration module for Oracle Web Cache to minimize the risk of exploitation. As a temporary workaround, restrict the handling of HTTP GET requests containing ".." sequences or chunked Transfer-Encoding with missing data until a fix is available.
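
One way to apply the temporary workaround on a filtering proxy placed in front of the administration port, as an added example (not code from this advisory or from Oracle). The function names and sample requests are hypothetical, and "missing data" is assumed here to mean a chunked body with a truncated chunk or no terminating zero-length chunk.

```python
from urllib.parse import unquote

HEX = b"0123456789abcdefABCDEF"

def chunked_body_complete(body: bytes) -> bool:
    """True only if each declared chunk is fully present and the body
    ends with the zero-length last chunk (RFC 7230, section 4.1)."""
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False                          # size line never terminated
        token = body[pos:eol].split(b";", 1)[0].strip()   # drop chunk extensions
        if not token or any(c not in HEX for c in token):
            return False                          # chunk size is not hex
        size, pos = int(token, 16), eol + 2
        if size == 0:                             # last chunk, optional trailers
            rest = body[pos:]
            return rest == b"\r\n" or rest.endswith(b"\r\n\r\n")
        if body[pos + size:pos + size + 2] != b"\r\n":
            return False                          # data shorter than declared
        pos += size + 2

def reject_reason(raw: bytes):
    """Return a reason string if the request matches either shape, else None."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "incomplete header block"
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return "malformed request line"
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip().lower()
    if method != "GET":
        return None
    if ".." in unquote(target):                   # also catches %2e%2e
        return "dot-dot sequence in request target"
    if "chunked" in headers.get("transfer-encoding", "") and not chunked_body_complete(body):
        return "chunked body with missing data"
    return None

# Constructed sample requests (not captured traffic).
OK_PLAIN = b"GET /status HTTP/1.1\r\nHost: cache.example\r\n\r\n"
OK_CHUNKED = (b"GET /status HTTP/1.1\r\nHost: cache.example\r\n"
              b"Transfer-Encoding: chunked\r\n\r\n4\r\nping\r\n0\r\n\r\n")
```

Requests for which `reject_reason` returns a string are dropped and logged by the proxy rather than forwarded; restricting who can reach the administration module at all remains the primary control.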


Related identifiers

CVE-2002-0386

Affected products

Oracle Web Cache
Oracle9Ias