Vulnerability Note VU#413006
Oracle Application Server Web Cache contains heap overflow vulnerability
Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution.
The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web servers. There is a heap overflow vulnerability in the way Oracle Web Cache processes HTTP requests. By supplying an overly long HTTP Request Method header, an attacker could execute arbitrary code with privileges of the vulnerable process.
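The defensive counterpart to the flaw described above, as an added example (not Oracle's code and not part of the original note): a request-line parser that bounds the method token before each write into a fixed buffer. The 16-byte limit, the name `parse_method` and the result codes are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed limit: standard methods (GET, OPTIONS, PROPFIND, ...) are far shorter. */
#define METHOD_MAX 16

enum parse_result {
    PARSE_OK = 0,
    PARSE_TOO_LONG = -1,   /* method exceeds METHOD_MAX: reject, never truncate */
    PARSE_BAD_CHAR = -2,   /* byte outside the token grammar, or empty method */
    PARSE_INCOMPLETE = -3  /* no space delimiter seen in the buffer */
};

/* RFC 7230 "tchar": the characters allowed in a method token. */
static int is_tchar(unsigned char c)
{
    if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9'))
        return 1;
    return c != '\0' && strchr("!#$%&'*+-.^_`|~", c) != NULL;
}

/*
 * Copy the method token from the start of a request buffer into out.
 * out must hold METHOD_MAX + 1 bytes and is valid only on PARSE_OK.
 * The index is checked against METHOD_MAX before every write, so an
 * oversized method is rejected instead of running past the buffer.
 */
int parse_method(const char *req, size_t req_len, char out[METHOD_MAX + 1])
{
    size_t i;

    for (i = 0; i < req_len; i++) {
        unsigned char c = (unsigned char)req[i];

        if (c == ' ') {
            if (i == 0)
                return PARSE_BAD_CHAR;
            out[i] = '\0';          /* i <= METHOD_MAX here, so in bounds */
            return PARSE_OK;
        }
        if (i >= METHOD_MAX)
            return PARSE_TOO_LONG;
        if (!is_tchar(c))
            return PARSE_BAD_CHAR;
        out[i] = (char)c;
    }
    return PARSE_INCOMPLETE;
}
```

A front end that returns an error response on anything other than `PARSE_OK` keeps oversized or malformed methods from reaching later request handling.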
According to Oracle:
The following products are affected:
A remote, unauthenticated attacker could execute arbitrary code with privileges of the vulnerable process.
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Oracle Corporation|Affected|-|22 Mar 2004|
Thanks to Ioannis Migadakis of InAccess Networks for reporting this vulnerability.
This document was written by Damon Morda.
- CVE IDs: CAN-2004-0385
- Date Public: 15 Mar 2004
- Date First Published: 22 Mar 2004
- Date Last Updated: 20 Apr 2004
- Severity Metric: 20.32
- Document Revision: 19