Oct 30, 2002 : DoS Bug in Oracle9i Application Server

📅 October 30, 2002 - According to reports released on Tuesday, a potential security vulnerability, which could lead to denial of service attacks, has been detected in the Oracle9i Application Server by security consulting firm @stake.

In its security alert, @stake said the potential bug was discovered in the application server AS Web Cache admin module running on Windows. The company said denial of service scenarios could be triggered by issuing an HTTP GET request containing at least one dot-dot-slash in the URI, or by issuing a malformed GET request. @stake said both would create an exception, causing the service to fail.
Part of the company's Application Server suite, Oracle Web Cache is designed to operate in front of the Oracle Web server and act as a caching reverse proxy server.
Oracle confirmed the potential risk in a bulletin, recommending that users use firewall technology to restrict access to the Web Cache administration port. Oracle also urged users to use the tool's "Secure Subnets" feature to only allow access to administrators connecting from permitted IP addresses or subnets.
The company said it was monitoring the potential vulnerability, which would be fixed by default in the 9.0.4 release of Oracle91 Application Server.

Reads: 2081 | Category: General | Source: TheWHIR : Web Host Industry Reviews
URL source: http://www.thewhir.com/marketwatch/dos103002.cfm
Want to add a website news or press release ? Just do it, it's free! Use add web hosting news!

Other news

📅 Oct 29, 2002 - Verio Launches Web Hosting Framework - IP solution and Web hosting provider Verio Inc. (Verio.com ) announced on Tuesday that it has introduced the next phase of its enterprise hosting strategy with the launch of its NTT/VERIO PowerPlatform hosting framework. The NTT/VERIO PowerPlatform, says Verio, extends the company's range of managed hosting products for midsize and large enterprises, giving customers the ability to build out infrastructure on demand by drawing on modular technology building blocks, tiered support and enhanced services. The framework is designed to simplify the hosting options available to customers, and consists of four key parts, including PowerPlatform Hosting, PowerPlatfo

📅 Oct 29, 2002 - Travelodge, Pegasus Sign Seven-Year Deal - Hotel technology and services provider Pegasus Solutions (pegs.com) announced on Tuesday that it has signed a seven-year technology services agreement with budget hotel company Travelodge (travelodge.co.uk) in the United Kingdom. The contract, says Pegasus, provides Travelodge with a total enterprise solution, including central reservations system, property management system, applications and data hosting, global distribution system and Internet hotel connectivity and distribution. Travelodge's Web site is also being powered by Pegasus, says the company. "Our new package agreement with Travelodge reinforces Pegasus' role as a single-source solu

📅 Oct 29, 2002 - Sun Announces Free Server Software - Computer hardware and software developer Sun Microsystems (sun.com) announced on Monday that it has released an updated version of its application server software, adding that it planned to offer a free version of the platform. Sun says it has released two new versions of its Sun ONE Application Server 7. The Platform Edition is available as a free download for Solaris and Windows Operating systems, while the Standard Edition, which includes additional management tools, is available for $2,000 per server processor. According to Sun, the new software is more tightly linked to its Java development tools. The new server version includes better support for Web

📅 Oct 31, 2002 - Mirror Image Delivers NYC Marathon Web Site - Distributed Web and content delivery service provider Mirror Image Internet (mirror-image.com) announced on Wednesday that the New York City Marathon Web site (nycmarathon.org) is using Mirror Image's instaContent Delivery service for the third consecutive year. During the month of the race, the NYC Marathon Web site receives 1.8 million hits per day, says Mirror Image. And on race day, traffic is expected to exceed 12 million hits. As the site's Web caching provider, Mirror Image enables the site to service millions of requests simultaneously, minimizing the load placed on origin servers. "Internet presence has become a vital source of information and ente

📅 Oct 31, 2002 - Nexcom Announces Xeon-Based Blade Servers - Computing hardware developer NEXCOM (nexcom.com) announced on Wednesday that it has introduced its new HiServer 420, an Intel Xeon-based blade server designed for use in high performance computing, dynamic Web page delivery, streaming video service and server farm. NEXCOM says the HiServer 420's patent-pending authentic cooling system guarantees excellent airflow, enabling up to ten server blades to be housed in a 4U rack optimized chassis. The components of the new solution include: the 4U, 19-inch rack-mount chassis with slots for ten server blades; the single or dual Intel Xeon server blade; one PCI-X expansion slot on each Server Blade for installing an

📅 Oct 31, 2002 - Sword Host Launches Redesigned Web Site - Application service provider Sword Comp-Soft Corp. announced on Wednesday that it has re-launched its hosting venue Sword Host (swordhost.com). The company says it has made the site, now entering its third year of operations, more user friendly, expanding the company's capacity to serve its clients. Sword Comp-Soft says the improved site now offers Web hosting, Web site management, domain registration, Web site design services and secure certificates. The company says enhanced firewall protection, real time support and competitive pricing are favorite features among existing and new clients. Adding new features such as two new hosting packages,