Oracle.HTTP.Server.mod_access.Restriction.Bypass
Description
This indicates an attack attempt against a vulnerability in the Oracle Application Server.
Oracle Application Server has an access restriction bypass. A remote attacker could access any restricted URLs on the system via using the Web Cache even if the victim configures a list of forbidden URIs in the Oracle HTTP Server (OHS).
Affected Products
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1 .0.3.1
Oracle Oracle10g Application Server 10.1 .0.3
Oracle Oracle10g Application Server 10.1 .0.2
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue. We advise you to contact the vendor for further information regarding obtaining and applying an appropriate fix.
http://www.oracle.com/support/index.html
/>As a workaround, ensure 'UseWebCacheIP ON' is added to httpd.conf.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |