CVE-2009-0993

Name of the Vulnerable Software and Affected Versions Oracle Application Server version 10.1.2.3

Description The issue affects confidentiality, integrity, and availability. It is reportedly related to the handling of HTTP POST requests, potentially allowing remote attackers to execute arbitrary code via format string specifiers in the URI, which are not properly handled when logging to opmn/logs/opmn.log.

Recommendations For Oracle Application Server version 10.1.2.3, consider restricting access to the OPMN component until a fix is available. As a temporary workaround, avoid using format string specifiers in HTTP POST URIs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.