Back to CVE Browser

CVE-2004-0385

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1740%

EPSS Percentile20.76th

PublishedJun 1, 2004

Last ModifiedApr 16, 2026

Vulnerability Description

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

Affected Platforms (CPE)

📦

Oracle

Application Server Web Cache

= 9.0.0.4.0

📦

Oracle

Application Server Web Cache

= 9.0.2.3.0

📦

Oracle

Application Server Web Cache

= 9.0.3.1.0

📦

Oracle

Application Server Web Cache

= 9.0.4.0.0

📦

Oracle

E Business Suite

= 11i

References & Advisories

🔗 http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.html

🔗 http://marc.info/?l=bugtraq&m=107945649127635&w=2

🔗 http://marc.info/?l=bugtraq&m=108144419001770&w=2

🔗 http://otn.oracle.com/deploy/security/pdf/2004alert66.pdf

🔗 http://secunia.com/advisories/11118

🔗 http://www.inaccessnetworks.com/ian/services/secadv01.txt

🔗 http://www.kb.cert.org/vuls/id/413006

🔗 http://www.osvdb.org/4249

Related Vulnerabilities

CVE-2005-344910.0

Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as id...

CVE-2005-345210.0

Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as id...

CVE-2002-164110.0

Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary ...

CVE-2005-345310.0

Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack ve...