CVE-2000-0169

Oracle Application Server - Remote Command Execution via Malformed URL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0169. PoCs published by Cerberus Security Team.

AI-analyzed exploit summary This exploit leverages Oracle Web Listener for NT's improper handling of batch files as CGI scripts, allowing arbitrary command execution at the SYSTEM level via appended commands or UNC paths.

Description

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cerberus Security Team · textremotewindows

https://www.exploit-db.com/exploits/19809

View Code ZIP pw:eip

This exploit leverages Oracle Web Listener for NT's improper handling of batch files as CGI scripts, allowing arbitrary command execution at the SYSTEM level via appended commands or UNC paths.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Oracle Web Listener for NT

No auth needed

Prerequisites: Access to the target server's /ows-bin/ directory

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/1053

Third Party Advisory mailing-list x_refsource_ntbugtraq

http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html

Scores

EPSS 0.2669

EPSS Percentile 97.8%

Details

Status published

Products (1)

oracle/application_server 4.0

Published Mar 15, 2000

Tracked Since Feb 18, 2026