Oracle Products: HTTP Request Remote Buffer Overflow Vulnerability

Users of Oracle Products please be advised of a HTTP Request Remote Buffer Overflow vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

CVE-2010-2390: Oracle Products HTTP Request Remote Buffer Overflow Vulnerability

. AFFECTED PRODUCTS --------------------------- Oracle Database 10g Release 2 version 10.2.0.3 and prior Oracle Database 10g Release 1 version 10.1.0.5 and prior Oracle Application Server 10gR2 version 10.1.2.3.0 and prior Oracle Identity Management 10g version 10.1.4.3 and prior Oracle Enterprise Manager Grid Control

. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a critical vulnerability in various Oracle products. The vulnerability is caused by a buffer overflow error in the EM Console when processing overly long HTTP requests, which could allow remote unauthenticated attackers to crash an affected service or execute arbitrary code via a malicious request. Read more at www.criticalwatch.com

 

See this Amp at http://amplify.com/u/d9ez