CVE-2002-0842
Published: Sep 1, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- CA-2003-05 (third-party-advisory, x_refsource_CERT)
- N-046 (third-party-advisory, government-resource, x_refsource_CIAC)
- http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf (x_refsource_CONFIRM)
- 20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d) (mailing-list, x_refsource_NTBUGTRAQ)
- VU#849993 (third-party-advisory, x_refsource_CERT-VN)
- 20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d) (mailing-list, x_refsource_VULNWATCH)
- oracle-appserver-davpublic-dos(11330) (vdb-entry, x_refsource_XF)
- 6846 (vdb-entry, x_refsource_BID)
- 20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d) (mailing-list, x_refsource_BUGTRAQ)
- 20030218 Re: CSSA-2003-007.0 Advisory withdrawn. (mailing-list, x_refsource_BUGTRAQ)
- 20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo (mailing-list, x_refsource_BUGTRAQ)
- http://www.nextgenss.com/advisories/ora-appservfmtst.txt (x_refsource_MISC)