Oracle.HTTP.Server.mod_access.Restriction.Bypass

description-logoDescription

This indicates an attack attempt against a vulnerability in the Oracle Application Server.
Oracle Application Server has an access restriction bypass. A remote attacker could access any restricted URLs on the system via using the Web Cache even if the victim configures a list of forbidden URIs in the Oracle HTTP Server (OHS).

affected-products-logoAffected Products

Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1 .0.3.1
Oracle Oracle10g Application Server 10.1 .0.3
Oracle Oracle10g Application Server 10.1 .0.2

Impact logoImpact

Gain Access

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue. We advise you to contact the vendor for further information regarding obtaining and applying an appropriate fix.
http://www.oracle.com/support/index.html />As a workaround, ensure 'UseWebCacheIP ON' is added to httpd.conf.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)