CVE-2004-1363
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
04/08/2004
Last modified:
03/04/2025
Description
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:collaboration_suite:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:oracle:database_server:9.0.1.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=110382345829397&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
- http://www.kb.cert.org/vuls/id/316206
- http://www.ngssoftware.com/advisories/oracle23122004.txt
- http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
- http://www.securityfocus.com/bid/10871
- http://www.us-cert.gov/cas/techalerts/TA04-245A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18659
- http://marc.info/?l=bugtraq&m=110382345829397&w=2
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
- http://www.kb.cert.org/vuls/id/316206
- http://www.ngssoftware.com/advisories/oracle23122004.txt
- http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
- http://www.securityfocus.com/bid/10871
- http://www.us-cert.gov/cas/techalerts/TA04-245A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18659