PT-2005-2382 · Oracle · Oracle Webcache 9I

Alexander Kornbrust

Published

2005-05-02

Updated

2017-07-11

CVE-2005-1382

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Oracle Webcache 9i

Description: The issue allows remote attackers to corrupt arbitrary files by providing a full pathname in the cache dump file parameter within the webcacheadmin module.

Recommendations: For Oracle Webcache 9i, avoid using the cache dump file parameter with full pathnames in the webcacheadmin module until a fix is available. Restrict access to the webcacheadmin module to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1382

Affected Products

Oracle Webcache 9I

PT-2005-2382 · Oracle · Oracle Webcache 9I

CVE-2005-1382

Related Identifiers

Affected Products

References · 8