Description
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Fyodor Yarochkin · textdoslinux
https://www.exploit-db.com/exploits/20747
References (2)
Core 2
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/2569
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=98692227816141&w=2
Scores
EPSS
0.1835
EPSS Percentile
95.3%
Details
Status
published
Products (1)
oracle/application_server
4.0.8.2
Published
Jul 02, 2001
Tracked Since
Feb 18, 2026