Check Point Advisories

Oracle HTTP Server mod_access Restriction Bypass (CVE-2005-1383)

Vulnerability
Protection

Check Point Reference:	CPAI-2005-235
Date Published:	22 Nov 2009
Severity:	Critical
Last Updated:	Monday 03 December, 2018
Source:
Industry Reference:	CVE-2005-1383
Protection Provided by:	Security Gateway R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description	The Oracle HTTP Server (OHS) is bundled with recent Oracle Database Server releases (8.1.7 and above, 9i and10g). The OHS is provided to enable the distribution of applications over the web. The OHS is derivative of the Apache HTTP server project, and enhanced with a set of Oracle extensions. There exists a vulnerability in the way Oracle HTTP Server (OHS) applies access control policy to local resources. All remote HTTP requests proxied by the Oracle Web Cache can bypass the OHS access restriction. An remote attacker can exploit this vulnerability to obtain protected contents. Successfully exploiting the vulnerability discloses sensitive information to an attacker. There are no changes to the behaviour of the target.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

In the IPS tab, click Protections and find the Oracle HTTP Server mod_access Restriction Bypass protection using the Search tool and Edit the protection's settings.
Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name: Web Server Enforcement Violation.
Attack Information: Oracle HTTP Server mod_access restriction bypass