CVE-2003-0632 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle Applications

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.8%
top 13.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle ApplicationsOracle E-business Suite
Timeline
PublishedAug 27
Latest updateApr 29

Description

Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

â–¶NVDoracle/e-business_suite8 versions+7
â–¶NVDoracle/applications10.7, 11.0+1

🔴Vulnerability Details

2
GHSA
GHSA-gg7c-8fp9-9frj: Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR↗2022-04-29
â–¶
CVEList
CVE-2003-0632: Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR↗2003-08-02
â–¶
CVE-2003-0632 — Oracle Applications vulnerability | cvebase