The CVE's point to non-Oracle AS stuff. Is the
"nessus" scan valid for Oracle AS 10.1.2.0.2?
CVE-2002-0133
Buffer overflows in Avirt Gateway Suite 4.2 allow
remote attackers to cause a denial of service and
possibly execute arbitrary code via (1) long header
fields to the HTTP proxy, or (2) a long string to the
telnet proxy.
4443
CVE-2001-0419
Buffer overflow in shared library ndwfn4.so for
iPlanet Web Server (iWS) 4.1,
when used as a web listener for Oracle application
server 4.0.8.2,
allows remote attackers to execute arbitrary commands
via a
long HTTP request that is passed to the application
server, such as /jsp/.
nv-video (4444/tcp)
It was possible to kill the HTTP proxy by
sending an invalid request with a too long header
A cracker may exploit this vulnerability to make your
proxy server
crash continually or even execute arbitrary code on
your system.
Solution: upgrade your software
Risk Factor : High
CVE : CVE-2002-0133, CVE-2002-0133
BID : 3904, 3905, 3904
Other references : OSVDB:6804
Plugin ID : 11715
It was possible to kill the web server by
sending an invalid request with a too long HTTP 1.1
header
(Accept-Encoding, Accept-Language, Accept-Range,
Connection,
Expect, If-Match, If-None-Match, If-Range,
If-Unmodified-Since,
Max-Forwards, TE, Host)
A cracker may exploit this vulnerability to make your
web server
crash continually or even execute arbirtray code on
your system.
Solution: upgrade your software or protect it with a
filtering reverse proxy
pharos (4443/tcp)
It was possible to kill the HTTP proxy by
sending an invalid request with a too long header
A cracker may exploit this vulnerability to make your
proxy server
crash continually or even execute arbitrary code on
your system.
Solution: upgrade your software
Risk Factor : High
CVE : CVE-2002-0133, CVE-2002-0133
BID : 3904, 3905, 3904
Other references : OSVDB:6804
Plugin ID : 11715
It may be possible to make a web server execute
arbitrary code by sending it a too long url after
/jsp.
Ie:
GET /jsp/AAAA.....AAAAA
Risk Factor : High
Solution: Contact your vendor for the latest software
release.
CVE : CVE-2001-0419, CVE-2001-0419
BID : 2569, 2569
Plugin ID : 10654
It was possible to kill the web server by
sending an invalid request with a too long HTTP 1.1
header
(Accept-Encoding, Accept-Language, Accept-Range,
Connection,
Expect, If-Match, If-None-Match, If-Range,
If-Unmodified-Since,
Max-Forwards, TE, Host)
A cracker may exploit this vulnerability to make your
web server
crash continually or even execute arbirtray code on
your system.
Solution: upgrade your software or protect it with a
filtering reverse proxy
____________________________________________________________________________________
We won't tell. Get more on shows you hate to love
(and love to hate): Yahoo! TV's Guilty Pleasures list.
http://tv.yahoo.com/collections/265
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
|