CVE-2005-1382

Oracle Webcache 9i - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1382. PoCs published by Alexander Kornbrust.

AI-analyzed exploit summary The exploit describes an arbitrary file corruption vulnerability in Oracle Application Server 9i Webcache due to improper sanitization of a parameter value. An attacker can construct a URI to append garbage data to any target file, potentially leading to denial of service or other unintended consequences.

Description

The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alexander Kornbrust · textremotemultiple

https://www.exploit-db.com/exploits/25561

View Code ZIP pw:eip

The exploit describes an arbitrary file corruption vulnerability in Oracle Application Server 9i Webcache due to improper sanitization of a parameter value. An attacker can construct a URI to append garbage data to any target file, potentially leading to denial of service or other unintended consequences.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Oracle Application Server 9i Webcache

Auth required

Prerequisites: Access to a user with sufficient privileges to trigger the vulnerability

MITRE ATT&CK