← back
CVE-2002-0386

CVE-2002-0386

EPSS 22.0%
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21911unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdfhttp://www.atstake.com/research/advisories/2002/a102802-1.txthttp://www.iss.net/security_center/static/10284.phphttp://www.securityfocus.com/bid/5902