Lucene search

[email protected]CVE-2004-1363

HistoryAug 04, 2004 - 4:00 a.m.

CVE-2004-1363

2004-08-0404:00:00

CWE-131

[email protected]

web.nvd.nist.gov

oracle

10g

buffer overflow

remote code execution

cve-2004-1363

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.105 Low

EPSS

Percentile

95.0%

JSON

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

CPENameOperatorVersion
oracle:database_serveroracle database servereq8.1.7.4
oracle:application_serveroracle application servereq9.0.2.1
oracle:application_serveroracle application servereq*
oracle:database_serveroracle database servereq9.0.1.5
oracle:application_serveroracle application servereq9.0.2.0.0
oracle:e-business_suiteoracle e-business suiteeq11.5.5
oracle:enterprise_manageroracle enterprise managereq9.0.1
oracle:database_serveroracle database servereq9.0.4
oracle:application_serveroracle application servereq9.0.4
oracle:e-business_suiteoracle e-business suiteeq11.5.4

CPE	Name	Operator	Version
oracle:database_server	oracle database server	eq	8.1.7.4
oracle:application_server	oracle application server	eq	9.0.2.1
oracle:application_server	oracle application server	eq	*
oracle:database_server	oracle database server	eq	9.0.1.5
oracle:application_server	oracle application server	eq	9.0.2.0.0
oracle:e-business_suite	oracle e-business suite	eq	11.5.5
oracle:enterprise_manager	oracle enterprise manager	eq	9.0.1
oracle:database_server	oracle database server	eq	9.0.4
oracle:application_server	oracle application server	eq	9.0.4
oracle:e-business_suite	oracle e-business suite	eq	11.5.4

Rows per page:

1-10 of 331

References

marc.info/?l=bugtraq&m=110382345829397&w=2

sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1

www.kb.cert.org/vuls/id/316206

www.ngssoftware.com/advisories/oracle23122004.txt

www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

www.securityfocus.com/bid/10871

www.us-cert.gov/cas/techalerts/TA04-245A.html

exchange.xforce.ibmcloud.com/vulnerabilities/18659

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.105 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2004-1363

cvelist1 nessus5