Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution.
The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web servers. There is a heap overflow vulnerability in the way Oracle Web Cache processes HTTP requests. By supplying an overly long HTTP Request Method header, an attacker could execute arbitrary code with privileges of the vulnerable process.
According to Oracle:
A remote, unauthenticated attacker could execute arbitrary code with privileges of the vulnerable process.
Thanks to Ioannis Migadakis of InAccess Networks for reporting this vulnerability.
This document was written by Damon Morda.
|Date First Published:||2004-03-22|
|Date Last Updated:||2004-04-20 20:44 UTC|