| Name | Oracle.Application.Server.10g.OPMN.Service.Format.String |
| Release Date | Jun 23, 2009 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a format-string vulnerability in Oracle Application Server. The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code. |
| Affected Products | Oracle Application Server 10g 10.1.2.3 |
| Recommended Actions | Apply the patch, available from the vendor's web site: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0993 |
| Reference/s | http://www.zerodayinitiative.com/advisories/ZDI-09-017/ |