Vulnerability Details CVE-2004-0385
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.388
EPSS Ranking 97.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.html
- http://marc.info/?l=bugtraq&m=107945649127635&w=2
- http://marc.info/?l=bugtraq&m=108144419001770&w=2
- http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf
- http://secunia.com/advisories/11118
- http://www.inaccessnetworks.com/ian/services/secadv01.txt
- http://www.kb.cert.org/vuls/id/413006
- http://www.osvdb.org/4249
- http://www.securityfocus.com/bid/9868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15463
- http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.html
- http://marc.info/?l=bugtraq&m=107945649127635&w=2
- http://marc.info/?l=bugtraq&m=108144419001770&w=2
- http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf
- http://secunia.com/advisories/11118
- http://www.inaccessnetworks.com/ian/services/secadv01.txt
- http://www.kb.cert.org/vuls/id/413006
- http://www.osvdb.org/4249
- http://www.securityfocus.com/bid/9868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15463
Products affected by CVE-2004-0385
-
cpe:2.3:a:oracle:application_server_web_cache:9.0.0.4.0
-
cpe:2.3:a:oracle:application_server_web_cache:9.0.2.3.0
-
cpe:2.3:a:oracle:application_server_web_cache:9.0.3.1.0
-
cpe:2.3:a:oracle:application_server_web_cache:9.0.4.0.0
-
cpe:2.3:a:oracle:e-business_suite:11i