Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1364

CWE-22 — Path Traversal5 documents4 sources

Severity

8.5HIGH

EPSS

15.2%

top 5.40%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Application Server Oracle Collaboration Suite Oracle E-business Suite +6 more

Timeline

PublishedAug 4

Latest updateApr 29

Description

Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 6.8 | Impact: 10.0

Affected Packages9 packages

▶NVDoracle/oracle8i19 versions+18

▶NVDoracle/oracle9i36 versions+35

▶NVDoracle/oracle10g6 versions+5

▶NVDoracle/e-business_suite9 versions+8

▶NVDoracle/application_server11 versions+10

Patches

Patch: www.ngssoftware.com ↗Patch: www.oracle.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-rx5m-vvp9-4xw5: Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bi↗2022-04-29

▶

CVEList

CVE-2004-1364: Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bi↗2005-01-19

▶

💥Exploits & PoCs

Exploit-DB

Oracle 9i/10g - 'extproc' Local/Remote Command Execution↗2006-12-19

▶

Exploit-DB

Oracle 9i - Multiple Vulnerabilities↗2004-08-04

▶