Unrated severityNVD Advisory· Published Jun 1, 2004· Updated Apr 16, 2026

CVE-2004-0385

Description

Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities."

Affected products

Oracle Corporation/Application Server Web Cache4 versions
cpe:2.3:a:oracle:application_server_web_cache:9.0.0.4.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:oracle:application_server_web_cache:9.0.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:9.0.2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:9.0.3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server_web_cache:9.0.4.0.0:*:*:*:*:*:*:*
Oracle Corporation/E Business Suite
cpe:2.3:a:oracle:e-business_suite:11i:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

otn.oracle.com/deploy/security/pdf/2004alert66.pdfnvdPatchVendor Advisory
www.kb.cert.org/vuls/id/413006nvdPatchThird Party AdvisoryUS Government Resource
www.inaccessnetworks.com/ian/services/secadv01.txtnvdVendor Advisory
archives.neohapsis.com/archives/vulnwatch/2004-q1/0078.htmlnvd
marc.infonvd
marc.infonvd
secunia.com/advisories/11118nvd
www.osvdb.org/4249nvd
www.securityfocus.com/bid/9868nvd
exchange.xforce.ibmcloud.com/vulnerabilities/15463nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.035
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000