Release Date | Jun 23, 2009 |
Severity | high |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
Description | This indicates an attack attempt against a format-string vulnerability in Oracle Application Server. The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP request. It allows a remote attacker to execute arbitrary code. |
Affected Products | Oracle Application Server 10g 10.1.2.3 |
Recommended Actions | Apply the patch, available from the vendor's web site: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2009-0993 |
References | http://www.zerodayinitiative.com/advisories/ZDI-09-017/ |