Gravité: Critique
  Identifiant(s) CVE: : CVE-2004-385
  Date du conseil: 21 juillet 2015


Heap-based buffer overflow in Oracle 9i Application Server Web Cache,,, and allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

  Information Exposure Rating:

Apply associated Trend Micro DPI Rules.


  Trend Micro Deep Security DPI Rule Number: 1000552
  Trend Micro Deep Security DPI Rule Name: 1000552 - Generic Cross Site Scripting(XSS) Prevention

  Affected software and version:

  • Oracle Application Server