Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control

EDB-ID:

25988

CVE:

N/A




Platform:

Multiple

Date:

2003-02-13


source: https://www.securityfocus.com/bid/14274/info

The mod_oradav module for Oracle HTTP Server included in Oracle9i Application Server is prone to a vulnerability. This is related to access controls on the '/dav_public' and '/dav_portal' directories, allowing a malicious user to fill up the directory. It is not known if this could have other security impacts.

This issue was mentioned in the patch readme for the Oracle Critical Patch Update for July. This issue was also addressed by Oracle Security Alert #52, dated Feb 13, 2003. 

http://www.example.com/dav_public
http://www.example.com/dav_portal