EIP-2026-104042

PRE-CVE

Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104042. PoCs published by David Litchfield.

AI-analyzed exploit summary The provided text describes a vulnerability in the mod_oradav module for Oracle HTTP Server, specifically related to insufficient access controls on '/dav_public' and '/dav_portal' directories, potentially allowing directory filling attacks. It references Oracle's patch readme and security alert but lacks exploit code or technical depth.

Description

Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control

Exploits (1)

exploitdb WRITEUP VERIFIED

by David Litchfield · textremotemultiple

https://www.exploit-db.com/exploits/25988

View Code ZIP pw:eip

The provided text describes a vulnerability in the mod_oradav module for Oracle HTTP Server, specifically related to insufficient access controls on '/dav_public' and '/dav_portal' directories, potentially allowing directory filling attacks. It references Oracle's patch readme and security alert but lacks exploit code or technical depth.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Oracle9i Application Server (mod_oradav module)

No auth needed

Prerequisites: Access to the vulnerable Oracle HTTP Server instance

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026