Pentest Limited

Vulnerability in Oracle XDB Server

Pentest Limited Security Advisory

Advisory Details

Title: Vulnerability in Oracle XDB Server
Announcement date: 23rd September 2004
Advisory Reference: ptl-2004-04
Products: Oracle XML Database Server
Vulnerability Type: Denial Of Service
Vendor-URL: http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Vendor-Status: Patch Available
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.pentest.co.uk

Vulnerability Description

An HTTP request to the Oracle XDB Server on port 8080 that contains a malformed HTTP header can cause a denial of service condition. This allows an unauthenticated remote user to crash the Oracle database instance.

Fix / Workarounds

Apply patch #68 available from Oracle Metalink.

Credit

This vulnerability was discovered by Pentest Limited

© Copyright Pentest Limited 2001 - 2004 All Rights Reserved

back to alerts