PT-2004-1535 · Oracle · Oracle 9I Application Server Web Cache
Ioannis Migadakis · Published 2004-04-16 · Updated 2017-07-11
CVE-2004-0385
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Oracle 9i Application Server Web Cache versions 9.0.0.4.0 through 9.0.4.0.0
Description
A heap-based buffer overflow allows remote attackers to execute arbitrary code by sending a long HTTP request method header to the Web Cache listener.
Recommendations
For Oracle 9i Application Server Web Cache versions 9.0.0.4.0 through 9.0.4.0.0, consider restricting access to the Web Cache listener to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using long HTTP request method headers in the Web Cache listener. At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Related identifiers
Affected products
Oracle 9I Application Server Web Cache