Oracle Application Server HTTP Service Mod_Access Restriction Bypass Vulnerability

Bugtraq ID: 13418
Class: Design Error
CVE: CVE-2005-1383
Remote: Yes
Local: No
Published: Apr 28 2005 12:00AM
Updated: Jul 12 2009 02:06PM
Credit: Discovery of this issue is credited to Alexander Kornbrust.
Vulnerable: Oracle Oracle9i Application Server 9.2 .0.6
Oracle Oracle9i Application Server 9.0.3 .1
Oracle Oracle9i Application Server 9.0.3
Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle9i Application Server 9.0.2 .2
Oracle Oracle9i Application Server 9.0.2 .1
Oracle Oracle9i Application Server 9.0.2 .0.1
Oracle Oracle9i Application Server 9.0.2 .0.0
Oracle Oracle9i Application Server 9.0.2
Oracle Oracle9i Application Server 1.0.2 .2.2
Oracle Oracle9i Application Server 1.0.2 .2
Oracle Oracle9i Application Server 1.0.2 .1s
Oracle Oracle9i Application Server 1.0.2
Oracle Oracle9i Application Server
- Compaq Tru64 5.1
- Compaq Tru64 5.0 f
- Compaq Tru64 5.0 a
- Compaq Tru64 5.0
- Compaq Tru64 4.0 g
- HP HP-UX 11.11
- HP HP-UX 11.0 4
- HP HP-UX 11.0
- HP HP-UX 10.34
- HP HP-UX 10.30
- HP HP-UX 10.26
- HP HP-UX 10.20
- HP HP-UX 10.16
- HP HP-UX 10.10
- HP HP-UX 10.9
- HP HP-UX 10.8
- HP HP-UX 10.1 0
- HP HP-UX 10.0 1
- HP HP-UX 10.0
- HP HP-UX 9.10
- HP HP-UX 9.9
- HP HP-UX 9.8
- HP HP-UX 9.7
- HP HP-UX 9.6
- HP HP-UX 9.5
- HP HP-UX 9.4
- HP HP-UX 9.3
- HP HP-UX 9.1
- HP HP-UX 9.0
- HP HP-UX 8.9
- HP HP-UX 8.8
- HP HP-UX 8.7
- HP HP-UX 8.6
- HP HP-UX 8.5
- HP HP-UX 8.4
- HP HP-UX 8.2
- HP HP-UX 8.1
- HP HP-UX 8.0
- HP HP-UX 7.8
- HP HP-UX 7.6
- HP HP-UX 7.4
- HP HP-UX 7.2
- HP HP-UX 7.0
- IBM AIX 4.3.3
- IBM AIX 4.3.2
- IBM AIX 4.3.1
- IBM AIX 4.3
- IBM AIX 4.2.1
- IBM AIX 4.2
- IBM AIX 4.1.5
- IBM AIX 4.1.4
- IBM AIX 4.1.3
- IBM AIX 4.1.2
- IBM AIX 4.1.1
- IBM AIX 4.1
- IBM AIX 4.0
- IBM AIX 3.2.5
- IBM AIX 3.2.4
- IBM AIX 3.2
- IBM AIX 3.1
- IBM AIX 3.0 x
- IBM AIX 2.2.1
- IBM AIX 1.3
- IBM AIX 1.2.1
- IBM AIX 5.1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1
- Sun Solaris 1.1.4 -JL
- Sun Solaris 1.1.4
- Sun Solaris 1.1.3 _U1
- Sun Solaris 1.1.3
- Sun Solaris 1.1.2
- Sun Solaris 1.1.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86HW5/98
- Sun Solaris 2.6_x86HW3/98
- Sun Solaris 2.6_x86
- Sun Solaris 2.6 HW5/98
- Sun Solaris 2.6 HW3/98
- Sun Solaris 2.6
- Sun Solaris 2.5_x86
- Sun Solaris 2.5
- Sun Solaris 2.4_x86
- Sun Solaris 2.4
- Sun Solaris 2.3
- Sun Solaris 2.2
- Sun Solaris 2.1
- Sun Solaris 2.0
- Sun Solaris 1.2
- Sun Solaris 1.1
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1 .0.3.1
Oracle Oracle10g Application Server 10.1 .0.3
Oracle Oracle10g Application Server 10.1 .0.2
Oracle Oracle10g Application Server 9.0.4 .1
Oracle Oracle10g Application Server 9.0.4 .0
Oracle Oracle HTTP Server 9.2 .0
+ Apache Apache 1.3.22
Oracle Oracle HTTP Server 9.0.1
Oracle Oracle HTTP Server 8.1.7
+ Apache Apache 1.3.12
+ Oracle Oracle8 8.1.7
+ Oracle Oracle8i Enterprise Edition 8.1.7 .0.0
+ Oracle Oracle8i Standard Edition 8.1.7
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus