PT-2004-1535 · Oracle · Oracle 9i Application Server Web Cache

Ioannis Migadakis · Published 2004-04-16 · Updated 2017-07-11 · CVE-2004-0385

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle 9i Application Server Web Cache versions 9.0.0.4.0 through 9.0.4.0.0

Description

A heap-based buffer overflow allows remote attackers to execute arbitrary code via a long HTTP request method header sent to the Web Cache listener.

Recommendations

For Oracle 9i Application Server Web Cache versions 9.0.0.4.0 through 9.0.4.0.0, consider restricting access to the Web Cache listener to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using long HTTP request method headers in the Web Cache listener. At the moment, there is no information about a newer version that contains a fix for this issue.


Related Identifiers

CVE-2004-0385

Affected Products

Oracle 9i Application Server Web Cache