| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <FF8F8D3A13833846BECEF51D189C16A4019A716D@mapibe02.exchange.xchg> Date: Thu Apr 28 18:26:17 2005 From: ak at red-database-security.com (Kornbrust, Alexander) Subject: Webcache Client Requests Bypass OHS mod_access Restrictions Red-Database-Security GmbH Research Advisory Name Webcache Client Requests Bypass OHS mod_access Restrictions Systems Affected Oracle HTTP Server Severity Medium Risk Category Bypass protected URLs via Webcache Vendor URL http://www.oracle.com Author Alexander Kornbrust (ak at red-database-security.com) Date 26 Apr 2005 (V 1.00) Advisory number AKSEC2003-015 Description ########### Without the parameter "UseWebcacheIP ON" it is possible to bypass Oracle HTTP Server mod_access restrictions. More details available: ####################### http://www.red-database-security.com/advisory/oracle_webcache_bypass.htm l Patch Information ################# Add the new parameter "UseWebCacheIP ON" to the httpd.conf History: ######## 01 October 2003 Oracle secalert was informed 23 October 2003 Bug confirmed 26 April 2005 Advisory released About Red-Database-Security GmbH ################################# Red-Database-Security GmbH is a specialist in Oracle Security. http://www.red-database-security.com
Powered by blists - more mailing lists