Penetration Testing mailing list archives
Re: [PEN-TEST] Oracle
From: "Frazier, Thomas" <Thomas.Frazier () USA XEROX COM>
Date: Mon, 5 Feb 2001 14:24:15 -0500
I remember a while ago there were some DoS stuff out for the Spyglass web server (resides on the Application Tier). It would crash it under certain circumstances. You might want to make sure that the site has the configuration setup properly. All 10.7NCA users are logging into the system using applsyspub/pub as the username/password pair. From their, a login box prompts you for a specific username and password. The database tier should be setup to only allow connections to/from the application tier. You might be able to bypass the app tier altogether and log into the db directly with applsyspub/pub. All of that and more should be in Metalinks.... Tom -----Original Message----- From: Simon Waters [mailto:Simon () wretched demon co uk] Sent: Friday, February 02, 2001 11:38 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: Oracle Michael Graham wrote:
Dear all, Is anyone aware of any vulnerabilities effecting Oracle 10.7 application?
I
am currently auditing one yet, can't find any info in the usual places.
Have you had a dig at Oracle Metalink? I assume you've looked for ordinary Oracle vulnerabilities? Simon -- Business http://www.eighth-layer.com/ Personal http://www.wretched.demon.co.uk/
Current thread:
- [PEN-TEST] Oracle Michael Graham (Feb 02)
- Re: [PEN-TEST] Oracle Simon Waters (Feb 02)
- <Possible follow-ups>
- Re: [PEN-TEST] Oracle Frazier, Thomas (Feb 05)
- Re: [PEN-TEST] Oracle Simon Waters (Feb 05)
- Re: [PEN-TEST] Oracle James W. Abendschan (Feb 06)
- Re: [PEN-TEST] Oracle Simon Waters (Feb 05)