_
_ _ 08.30.2008
 
_ Navigation: _
Main Page Technology Downloads Security Entertainment Videos
Search Site: Advanced
_
 
Login Login
 
Register Register
   
_ News Item

Oracle Application Server 10g Directory Traversal

Jan 18 2007 13:16:21
Source: ace
vote bad  vote good
0
Summary
"Oracle Application Server 10g offers a comprehensive solution for developing, integrating, and deploying your enterprise's applications, portals, and Web services.

Based on a powerful and scalable J2EE server, Oracle Application Server 10g provides complete business integration and business intelligence suites, and best-of-breed portal software.

Oracle Application Server 10g is the only platform designed for grid computing as well as full lifecycle support for Service-Oriented Architecture (SOA)."

A vulnerable server side component allows remote access to files outside of the application's root directory with permissions of the LocalSystem process.

No authentication is required.

Credit:
The information has been provided by Oliver Karow.
The original article can be found at: http://www.securityfocus.com/bid/22027


Vulnerable Systems:
* Oracle Application Server 10g Release 3 (10.1.3.0.0)

The server side component EmChartBean is part of the Oracle Enterprise Manager 10g Application Server Control Software.

EmChartBean is vulnerable to a directory traversal attack.

The vulnerability can be exploited by sending an unauthenticated http GET request.

Remote access is granted to files outside of the application's root directory with permissions of the Javaw.exe process, which by default runs with LocalSystem privileges.

The server side component EmChartBean only exists at runtime, and is unpacked from a JAR file after an initial call to the login page.

Thus, a single request to the login page is required before an attacker can successfully exploit the vulnerability.

Vendor Response:
The fix for this security vulnerability is included in Oracle's January 2007 Critical Patch Update.

The Critical Patch Update advisory, which lists the versions affected and contains links to more information and patches, is available at: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html

The main page for Oracle Critical Patch Updates and Security Alerts is available at: http://www.oracle.com/technology/deploy/security/alerts.htm

Recommendation:
Follow your organization's testing procedures before applying patches or workarounds.

Symantec recommends that customers should apply Oracle's update as soon as possible.

Oracle strongly recommends applying the Oracle Enterprise Manager patches released with the January 2007 Critical Patch Update to all instances affected by this problem.

CVE Information:
CVE-2007-0222.

» full story @ source-link: ace
Related Articles:
» Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit
» S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit
» PHP-Nuke Module Emporium <= 2.3.0 Remote SQL Injection Exploit
» SendStudio <= 2004.14 (ROOTDIR) Remote File Inclusion Vulnerability
_ Comments
Add Comment
You must be registered and logged in to add comments!

Register
Login
_ Sponsors

_ Sponsors