Reference Date: October 18, 2001

Security Alert #18
Oracle9iAS Web Cache Overflow Vulnerability

Overview

A potential security vulnerability has been discovered in Oracle9iAS Web Cache 2.0.0.1. This vulnerability enables an attacker to mount a denial-of-service attack using an oversized HTTP GET request. On some platforms there is an additional vulnerability that may allow remote execution of arbitrary code.

Products

Oracle9iAS Web Cache 2.0.0.1

Platforms

All

Patch Solution

Oracle has comprehensively fixed this security vulnerability in the 2.0.0.2 release of Oracle9iAS Web Cache. Supported customers may download the release for their platform from Oracle's Worldwide Support web site, Metalink, http://metalink.oracle.com. Press the "Patches" button to get to the patches web page. Enter the platform and corresponding patch number from the table below, and press "Submit."

Platform                      Patch Number
MS Windows NT/2000 Server     2044682
Sun SPARC Solaris             2042106
HP-UX                         2043908
Linux                         2043924
Compaq Tru64 UNIX             2043921
AIX                           2043917

Alternatively, this release may be downloaded for evaluation on Windows NT, Solaris, HP, and Linux from the Oracle Technology Network, http://otn.oracle.com/software/content.html.

Credits

Oracle would like to thank George Hedfors and Andreas Junestam of Defcom Security for promptly bringing this potential security vulnerability to Oracle’s attention.