Oracle Internet Application Server is an integrated database and web package distributed by Oracle Corporation. A problem in the software may allow remote users unauthorized access to critical resources. The problem occurs in the combination of Apache and WebDB software, a common implementation. The software requires a password to access the /WebDB directory on most implementations. However, a documented backdoor in the Oracle Internet Application Server allows remote users access to the /WebDB/admin_/ directory without access control. This makes it possible for a user with malicious intent to change passwords, alter web content, and change table names.
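A defender can check whether this path has been reached without credentials by scanning the Apache access log. The following is an added example, not part of the original advisory or Oracle's software: it assumes Apache Common Log Format, treats the path case-insensitively as a conservative choice, and uses constructed sample log lines.

```python
import posixpath
import re
from urllib.parse import unquote

# Apache Common Log Format: host ident authuser [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
ADMIN_PREFIX = "/webdb/admin_/"  # directory named in the advisory, lowercased

def normalize(target):
    """Drop the query string, decode %-escapes, collapse slashes and dot segments."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def unauthenticated_admin_hits(lines):
    """Return (host, time, method, path) for admin requests that were
    served (2xx/3xx) although no authenticated user was logged."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line; skip rather than guess
        path = normalize(m["target"])
        in_admin = (path + "/").startswith(ADMIN_PREFIX)
        served = m["status"][0] in "23"
        if in_admin and served and m["user"] == "-":
            hits.append((m["host"], m["time"], m["method"], path))
    return hits

# Constructed sample log lines (documentation addresses, invented sub-paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /WebDB/admin_/ HTTP/1.0" 200 1520',
    '192.0.2.10 - webdb [01/Jan/2001:10:01:00 +0000] "GET /WebDB/admin_/ HTTP/1.0" 200 1520',
    '192.0.2.11 - - [01/Jan/2001:10:02:00 +0000] "GET /WebDB/ HTTP/1.0" 401 230',
    '192.0.2.12 - - [01/Jan/2001:10:03:00 +0000] "POST /webdb//%61dmin_/x?y=1 HTTP/1.0" 200 88',
    '192.0.2.13 - - [01/Jan/2001:10:04:00 +0000] "GET /WebDB/admin_/ HTTP/1.0" 401 230',
]

if __name__ == "__main__":
    for hit in unauthenticated_admin_hits(SAMPLE):
        print(*hit)
```

Any hit means the admin directory answered a request that carried no logged user, which is the condition the advisory describes; a 401 on the same path indicates access control is being enforced there.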