CVE-2004-0385

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server Web Cache; E-business Suite
Vendor: CVE Published:; 1 June 2004

Summary

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

References

http://www.inaccessnetworks.com/ian/services/secadv01.txt

x_refsource_MISC

http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/15463

vdb-entryx_refsource_XF

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jun 1, 2004
Vulnerability Reserved
Apr 6, 2004