CVE-2001-0419

Oracle Application Server 4.0.8.2 - Buffer Overflow via Long HTTP Request

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0419. PoCs published by Fyodor Yarochkin.

AI-analyzed exploit summary: This exploit demonstrates a buffer overflow in the 'ndwfn4.so' library of Oracle Application Server by sending a crafted HTTP GET request with a long string of 'A' characters. The overflow causes the iPlanet web server to crash, potentially allowing arbitrary code execution.

Description

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Fyodor Yarochkin · text · dos · linux
https://www.exploit-db.com/exploits/20747

Classification: Working PoC (90%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Oracle Application Server (with iPlanet web server)
No auth needed
Prerequisites: Network access to the target server · Oracle Application Server with vulnerable 'ndwfn4.so' library
mistral-large-3 · analyzed Feb 16, 2026

References (2)

Core References
http://www.securityfocus.com/bid/2569 (Exploit, Vendor Advisory · vdb-entry · x_refsource_bid)
http://marc.info/?l=bugtraq&m=98692227816141&w=2 (Mailing List · mailing-list · x_refsource_bugtraq)

Scores

EPSS 0.2445
EPSS Percentile 97.6%

Details

Status: published
Products (1): oracle/application_server 4.0.8.2
Published: Jul 02, 2001
Tracked Since: Feb 18, 2026