Oracle 9i Application Server mod_oradav Module Format String Vulnerability

info
discussion
exploit
solution
references

Oracle 9i Application Server mod_oradav Module Format String Vulnerability

A vulnerability has been reported for Oracle 9i Application Server when the mod_oradav module is used.

Reportedly, an attacker may be able to exploit an issue with Oracle's 'dav_public' or 'dav_portal' folders and execute arbitrary code. This is due to an exploitable format string error in the mod_oradav module.