
RE: Full Listing of nessus scan on Oracle AS

Subject: RE: Full Listing of nessus scan on Oracle AS
Date: Mon, 2 Apr 2007 11:18:27 -0400
I have just scanned Oracle AS 10.1.2.0.2 with up-to-date plug-ins and the
plug-in 4443 was not reported. Please save the KB for the scan and post it.



-----Original Message-----
From: nessus-bounces@list.nessus.org [mailto:nessus-bounces@list.nessus.org]
On Behalf Of rohan wijeyesinghe
Sent: Tuesday, March 27, 2007 3:39 PM
To: nessus@list.nessus.org
Subject: Full Listing of nessus scan on Oracle AS

The CVEs point to non-Oracle AS stuff. Is the
"nessus" scan valid for Oracle AS 10.1.2.0.2?

CVE-2002-0133
Buffer overflows in Avirt Gateway Suite 4.2 allow
remote attackers to cause a denial of service and 
possibly execute arbitrary code via (1) long header
fields to the HTTP proxy, or (2) a long string to the
telnet proxy. 

4443
CVE-2001-0419
Buffer overflow in shared library ndwfn4.so for
iPlanet Web Server (iWS) 4.1, when used as a web
listener for Oracle application server 4.0.8.2,
allows remote attackers to execute arbitrary commands
via a long HTTP request that is passed to the
application server, such as /jsp/.

nv-video (4444/tcp) 
 
  
 It was possible to kill the HTTP proxy by
sending an invalid request with a too long header

A cracker may exploit this vulnerability to make your
proxy server
crash continually or even execute arbitrary code on
your system.


Solution: upgrade your software


Risk Factor : High
CVE : CVE-2002-0133, CVE-2002-0133
BID : 3904, 3905, 3904
Other references : OSVDB:6804
Plugin ID : 11715


 
 
 
 It was possible to kill the web server by
sending an invalid request with a too long HTTP 1.1
header
(Accept-Encoding, Accept-Language, Accept-Range,
Connection, 
Expect, If-Match, If-None-Match, If-Range,
If-Unmodified-Since,
Max-Forwards, TE, Host)

A cracker may exploit this vulnerability to make your
web server
crash continually or even execute arbirtray code on
your system.


Solution: upgrade your software or protect it with a
filtering reverse proxy



pharos (4443/tcp) 
 
  
 It was possible to kill the HTTP proxy by
sending an invalid request with a too long header

A cracker may exploit this vulnerability to make your
proxy server
crash continually or even execute arbitrary code on
your system.


Solution: upgrade your software


Risk Factor : High
CVE : CVE-2002-0133, CVE-2002-0133
BID : 3904, 3905, 3904
Other references : OSVDB:6804
Plugin ID : 11715


 
 
 
 It may be possible to make a web server execute
arbitrary code by sending it a too long url after
/jsp.
Ie:
GET /jsp/AAAA.....AAAAA


Risk Factor : High


Solution: Contact your vendor for the latest software
release.
CVE : CVE-2001-0419, CVE-2001-0419
BID : 2569, 2569
Plugin ID : 10654


 
 
 
 It was possible to kill the web server by
sending an invalid request with a too long HTTP 1.1
header
(Accept-Encoding, Accept-Language, Accept-Range,
Connection, 
Expect, If-Match, If-None-Match, If-Range,
If-Unmodified-Since,
Max-Forwards, TE, Host)

A cracker may exploit this vulnerability to make your
web server
crash continually or even execute arbirtray code on
your system.


Solution: upgrade your software or protect it with a
filtering reverse proxy



 
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
