[25889] in bugtraq
Re: Implications of Apache vuln for Oracle
daemon@ATHENA.MIT.EDU (Kevin Spett)
Thu Jun 20 15:42:08 2002
Message-ID: <002001c21863$9c127740$4501020a@nunhunter>
From: "Kevin Spett" <kspett@spidynamics.com>
To: "Tina Bird" <tbird@precision-guesswork.com>, <bugtraq@securityfocus.com>
Date: Thu, 20 Jun 2002 10:05:55 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Oracle Application Server runs on a normal version of apache with a couple
of mods for things like PL/SQL. It's perfectly vulnerable.
Kevin Spett
SPI Dynamics
http://www.spidynamics.com/
----- Original Message -----
From: "Tina Bird" <tbird@precision-guesswork.com>
To: <bugtraq@securityfocus.com>
Sent: Wednesday, June 19, 2002 5:57 PM
Subject: Implications of Apache vuln for Oracle
> Hi all --
>
> Oracle is conspicuously absent from the list of vendors in CERT's Apache
> advisory:
>
> http://www.cert.org/advisories/CA-2002-17.html
>
> especially since the bugs were discovered during Oracle testing. Anyone
> have an update on Oracle Application Server for the chunked encoding
> issue?
>
> thanks very much -- Tina Bird
>
> "The road of excess leads to the palace of wisdom."
> Jade Blue Eclipse
>
> http://www.shmoo.com/~tbird
> Log Analysis http://www.counterpane.com/log-analysis.html
> VPN http://vpn.shmoo.com
>
>
