[Snort-sigs] rule documentation for WEB-CGI Oracle reports CGI access

Josh.Sakofsky at ...1573...
Wed Jun 11 11:49:04 EDT 2003

Rule: WEB-CGI Oracle reports CGI access

Sid: 1805

Summary: A remote user has tried to exploit a flaw on a server running
Oracle Reports.

Impact: Serious

Detailed Information: A stack overflow exists in the Oracle Reports
"rwcgi60" program. If a user supplies a long string as a value for the
method "setauth", it can overflow the stack and may allow the user to
run code on the server. This code would be executed with the
permissions of the web server.

Affected Systems: Oracle Reports6i 6.0.8 and Oracle9i Application
Server Reports 9.0.2

Attack Scenarios: An attacker can overflow the stack using a URL and cause
the machine to execute shellcode.

Ease of Attack: Medium

False Positives: None Known

False Negatives: None Known

Corrective Action: Upgrade with the Oracle-supplied patch.

Contributors: Original rule writer unknown.
              Josh Sakofsky

Additional References: http://www.securityfocus.com/bid/4848
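
A log-triage sketch for the condition described under Detailed Information, added here as an example (it is not part of the original post or of the Snort rule set). It separates plain access to "rwcgi60" from requests carrying a long "setauth" value. The URI layout in the sample lines, the /cgi-bin/ path and the 256-character threshold are assumptions, since the post does not give the request format.

```python
import re
from urllib.parse import unquote

CGI_NAME = "rwcgi60"   # program named in the rule documentation
METHOD = "setauth"     # method named in the rule documentation
MAX_ARG_LEN = 256      # assumed threshold; tune against local traffic

# Request field of a Common Log Format line: "VERB URI [PROTOCOL]"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+)(?: HTTP/[\d.]+)?"')

def classify(log_line):
    """Return 'none', 'access' or 'long-setauth' for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return "none"
    # Decode %XX escapes and fold case so encoded or mixed-case names still match.
    uri = unquote(m.group(1)).lower()
    cgi_at = uri.find(CGI_NAME)
    if cgi_at < 0:
        return "none"
    rest = uri[cgi_at + len(CGI_NAME):]
    method_at = rest.find(METHOD)
    if method_at < 0:
        return "access"
    # Everything after the method name is treated as its value (assumption).
    value = rest[method_at + len(METHOD):]
    return "long-setauth" if len(value) > MAX_ARG_LEN else "access"

def triage(lines):
    """Return (source, verdict) for every line that touches the CGI."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict != "none":
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample lines (documentation addresses, filler characters only).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Jun/2003:11:40:01 -0400] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.11 - - [11/Jun/2003:11:41:17 -0400] "GET /cgi-bin/rwcgi60?report=a.rdf HTTP/1.0" 200 512',
    '192.0.2.12 - - [11/Jun/2003:11:42:30 -0400] "GET /cgi-bin/RWCGI60/setauth?x=1 HTTP/1.0" 200 90',
    '192.0.2.13 - - [11/Jun/2003:11:43:02 -0400] "GET /cgi-bin/rw%63gi60/setauth?'
    + "x" * 1200 + ' HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for source, verdict in triage(SAMPLE_LOG):
        print(source, verdict)
```

Hosts that report "access" only are candidates for routine review; a "long-setauth" verdict is the case worth correlating with the web server's error log and patch status.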