CVE-2002-1264

Name of the Vulnerable Software and Affected Versions: Oracle 9 database server

Description: The issue is related to a buffer overflow in the Oracle iSQL*Plus web application. This occurs when a remote attacker sends a long USERID parameter in the "isqlplus" URL, allowing the execution of arbitrary code.

Recommendations: For Oracle 9 database server, consider restricting access to the isqlplus URL to minimize the risk of exploitation. As a temporary workaround, avoid using long USERID parameters in the isqlplus URL until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.