Description
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
Affected products
References
- MISChttp://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html
- MAILING_LISThttp://marc.info/?l=bugtraq&m=111472615519295&w=2
- VENDOR_ADVISORYhttp://secunia.com/advisories/15143
- MISChttp://www.osvdb.org/15909
- MISChttp://www.securityfocus.com/bid/13420
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/20310