CVE-2005-1383

Oracle Application Server <10.x - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1383. PoCs published by Alexander Kornbrust.

AI-analyzed exploit summary: The document describes an access restriction bypass vulnerability in Oracle HTTP Server (OHS) where forbidden URIs can be accessed via the Oracle Webcache client (port 7778), bypassing mod_access restrictions. It provides specific example URLs demonstrating the bypass.

Description

The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alexander Kornbrust · text · remote · multiple
https://www.exploit-db.com/exploits/25559

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Oracle HTTP Server (OHS) of Oracle Application Server
No auth needed
Prerequisites: Access to Oracle Webcache client (port 7778) · Knowledge of forbidden URIs
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13418
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111472266123952&w=2
Exploit, Patch vdb-entry x_refsource_osvdb
http://www.osvdb.org/15908
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15143
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20311

Scores

EPSS 0.3061
EPSS Percentile 98.0%

Details

Status published
Products (4)
oracle/application_server 10.1.0.2
oracle/application_server 10.1.0.3
oracle/application_server 10.1.0.3.1
oracle/application_server 10.1.2
Published May 03, 2005
Tracked Since Feb 18, 2026