Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> note 200873.1

note 200873.1

From: Ray Stell <stellr_at_cns.vt.edu>
Date: Sun, 30 Jun 2002 11:43:17 -0800
Message-ID: <F001.0048C4FD.20020630114317@fatcity.com>

Oracle Security Alert #36
Dated: 20 June 2002
Security Vulnerability in Apache HTTP Server Affects Oracle9iAS & Oracle Http Server (OHS)

Description

A potential security vulnerability exists in Apache HTTP Servers up to and including version 1.3.24. A knowledgeable and malicious user can exploit this vulnerability by remotely sending a carefully crafted invalid request to the Apache HTTP server using chunked encoding. Doing so may lead to successful Denial of Service (DoS) attacks on 32-bit Unix operating systems and running of arbitrary code on Windows and 64-bit Unix operating systems.



Ray Stell stellr_at_vt.edu (540) 231-4109 KE4TJC 28^D
--

Please see the official ORACLE-L FAQ: http://www.orafaq.com
--

Author: Ray Stell
  INET: stellr_at_cns.vt.edu
Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Sun Jun 30 2002 - 14:43:17 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US