Oracle Webserver PL/SQL Stored Procedure GET Request DoS

medium Nessus Plugin ID 10171

Synopsis

The remote host has an application that is affected by a denial of service vulnerability.

Description

It was possible to crash the remote web server by supplying an overly long argument to the CGI /ews-bin/fnord. An attacker may use this flaw to prevent your customers from accessing your website.

Solution

Remove this CGI.

Plugin Details

Severity: Medium

ID: 10171

File Name: ows_overflow.nasl

Version: 1.37

Type: remote

Family: Databases

Published: 7/28/1999

Updated: 5/28/2024

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:oracle:fusion_middleware, cpe:/a:oracle:http_server

Required KB Items: Settings/ParanoidReport

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 7/23/1997

Reference Information

CVE: CVE-1999-1068