Oracle Security Alert #36
Dated: 20 June 2002
Security Vulnerability in Apache HTTP Server Affects Oracle9iAS & Oracle Http Server (OHS)


A potential security vulnerability exists in Apache HTTP Servers up to
and including version 1.3.24. A knowledgeable and malicious user can
exploit this vulnerability by remotely sending a carefully crafted
invalid request to the Apache HTTP server using chunked encoding. Doing
so may lead to successful Denial of Service (DoS) attacks on 32-bit
Unix operating systems and running of arbitrary code on Windows and
64-bit Unix operating systems.

Ray Stell stellr_at_vt.edu (540) 231-4109 KE4TJC 28^D
Please see the official ORACLE-L FAQ: http://www.orafaq.com
Author: Ray Stell
INET: stellr_at_cns.vt.edu

Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists

To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
postedJun 30, '02 at 7:43p
activeJun 30, '02 at 7:43p

1 user in discussion

Ray Stell: 1 post



site design / logo © 2022 Grokbase