VDB
CVE-2004-0385
CVE-2004-0385
PUBLISHED
CVSS 10 CRITICAL
Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."
EPSS 44.25% · 97.6th percentile
Risk Scores
CVSS 2.0
10
EPSS Score
44.25%
97.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| oracle | e-business_suite | 11i |
| oracle | application_server_web_cache | 9.0.2.3.0, 9.0.3.1.0, 9.0.4.0.0 |
Timeline
- Apr 16, 2004 CVE Published
- Sep 23, 2010 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 24, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://www.inaccessnetworks.com/ian/services/secadv01.txt url
- http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf url
- oracle-web-cache-vulnerabilities(15463) vdb
- 4249 vdb
- 11118 third-party-advisory
- 20040408 Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache mailing-list
- VU#413006 third-party-advisory
- 20040316 new security alert #66 issued in Oracle web cache mailing-list
- 20040408 Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache mailing-list
- 9868 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2004-0385 advisory