Vulnerability Details : CVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Vulnerability category: OverflowExecute code
Products affected by CVE-2004-1363
- cpe:2.3:a:oracle:database_server:9.0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:10.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:collaboration_suite:-:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*
Threat overview for CVE-2004-1363
Top countries where our scanners detected CVE-2004-1363
Top open port discovered on systems with this issue
5560
IPs affected by CVE-2004-1363 1,999
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2004-1363!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2004-1363
10.49%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1363
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-02-02 |
CWE ids for CVE-2004-1363
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-1363
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1
Broken Link
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/18659
Oracle Database Server EXTPROC library name buffer overflow CVE-2004-1363 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.ngssoftware.com/advisories/oracle23122004.txt
Broken Link;Patch;Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA04-245A.html
Page Not Found | CISABroken Link;Patch;Third Party Advisory;US Government Resource
-
http://www.kb.cert.org/vuls/id/316206
VU#316206 - Oracle Database Server contains several vulnerabilitiesThird Party Advisory;US Government Resource
-
http://marc.info/?l=bugtraq&m=110382345829397&w=2
'Oracle extproc buffer overflow (#NISR23122004A)' - MARCMailing List
-
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Page not found | OracleBroken Link;Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/10871
Broken Link;Patch;Third Party Advisory;VDB Entry
Jump to