Heap-Based Buffer Overflow in Oracle 9i Application Server Web Cache
CVE-2004-0385

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server Web Cache; E-business Suite
Vendor: CVE Published:; 1 June 2004

What is CVE-2004-0385?

This vulnerability involves a heap-based buffer overflow in the Oracle 9i Application Server Web Cache that can be exploited by remote attackers. By sending a specially crafted long HTTP request method header to the Web Cache listener, an attacker can execute arbitrary code on the server. The Oracle advisory mentions the possibility of multiple vulnerabilities, however, details regarding additional issues remain unclear. Systems using affected versions are urged to apply security patches to mitigate potential risks.

References

http://www.inaccessnetworks.com/ian/services/secadv01.txt

x_refsource_MISC

http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/15463

vdb-entryx_refsource_XF

EPSS Score

38% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 1, 2004
Vulnerability Reserved
Apr 6, 2004