GEN:SID 1:2555
Message EXPLOIT Oracle Web Cache TRACE overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Oracle Application Server Web Cache.
Impact Serious. Possible execution of arbitrary code leading to remote
administrative access.
Detailed Information The Oracle Application Server Web Cache is vulnerable to a buffer
overrun caused by poor checking of the length of an HTTP Header. If a
large invalid HTTP Request Method is supplied to a vulnerable system, an
attacker may be presented with the opportunity to overrun a fixed length
buffer and subsequently execute code of their choosing on the server.
Affected Systems Oracle Application Server Web Cache 10g 9.0.4 .0
Oracle Oracle9i Application Server Web Cache 2.0 .0.4
Oracle Oracle9i Application Server Web Cache 9.0.2 .3
Oracle Oracle9i Application Server Web Cache 9.0.2 .2
Oracle Oracle9i Application Server Web Cache 9.0.3 .1
Attack Scenarios An attacker might supply an HTTP Request Method of more than 432 bytes,
causing the overflow to occur.
Ease of Attack Simple.
Corrective Action Apply the appropriate vendor supplied patch
Additional References  
Rule References bugtraq: 9868
cve: 2004-0385
nessus: 12126