Oracle Application Server runs on a normal version of apache with a couple of mods for things like PL/SQL. It's perfectly vulnerable. Kevin Spett SPI Dynamics http://www.spidynamics.com/ ----- Original Message ----- From: "Tina Bird" <tbird@precision-guesswork.com> To: <bugtraq@securityfocus.com> Sent: Wednesday, June 19, 2002 5:57 PM Subject: Implications of Apache vuln for Oracle > Hi all -- > > Oracle is conspicuously absent from the list of vendors in CERT's Apache > advisory: > > http://www.cert.org/advisories/CA-2002-17.html > > especially since the bugs were discovered during Oracle testing. Anyone > have an update on Oracle Application Server for the chunked encoding > issue? > > thanks very much -- Tina Bird > > "The road of excess leads to the palace of wisdom." > Jade Blue Eclipse > > http://www.shmoo.com/~tbird > Log Analysis http://www.counterpane.com/log-analysis.html > VPN http://vpn.shmoo.com > >
