Vulnerability Description
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server Web Cache | 9.0.0.4.0 |
| Oracle | E-Business Suite | 11i |
References
- http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.html
- http://marc.info/?l=bugtraq&m=107945649127635&w=2
- http://marc.info/?l=bugtraq&m=108144419001770&w=2
- http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf (Patch, Vendor Advisory)
- http://secunia.com/advisories/11118
- http://www.inaccessnetworks.com/ian/services/secadv01.txt (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/413006 (Patch, Third Party Advisory, US Government Resource)
- http://www.osvdb.org/4249
- http://www.securityfocus.com/bid/9868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15463
FAQ
What is CVE-2004-0385?
CVE-2004-0385 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method hea...
How severe is CVE-2004-0385?
CVE-2004-0385 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0385?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server Web Cache, Oracle E-Business Suite.