Pentest Security Advisory : PTL-2004-04
Vulnerability in Oracle XDB Server
Advisory Details
| Title: | Vulnerability in Oracle XDB Server |
| Announcement date: | 23rd September 2004 |
| Advisory Reference: | ptl-2004-04 |
| Products: | Oracle XML Database Server |
| Vulnerability Type: | Denial Of Service |
| Vendor-URL: | http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf |
| Vendor-Status: | Patch Available |
| Remotely Exploitable: | Yes |
| Locally Exploitable: | Yes |
| Advisory URL: | http://www.pentest.co.uk |
Vulnerability Description
A single HTTP request to the Oracle XDB HTTP listener (TCP port 8080 by default) that contains a malformed HTTP header causes a denial of service condition. The effect is not limited to the XDB listener: an unauthenticated remote user can crash the Oracle database instance itself.
Fix / Workarounds
Apply the patch set for Oracle Security Alert #68 (see the Vendor-URL above), available from Oracle Metalink.
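Where the Alert #68 patch cannot be applied immediately, the obvious interim measure is to confirm whether the XDB HTTP listener is enabled and, if it is not needed, switch it off. The following is an added example and is not part of the original advisory or Oracle's alert; it assumes the DBMS_XDB package as shipped with Oracle 10g (GETHTTPPORT/SETHTTPPORT) and, for 9i Release 2, the CFG_GET/CFG_UPDATE interface with the xdbconfig.xsd namespace. Run it as SYS or a user with the XDBADMIN role.

```sql
-- Added example (not from the advisory). Assumes Oracle 10g DBMS_XDB API.

-- 1. Check whether the XDB HTTP listener is enabled.
--    A value of 0 means disabled; the default is 8080.
SELECT DBMS_XDB.GETHTTPPORT() AS http_port FROM DUAL;

-- 2. Workaround: disable the XDB HTTP listener by setting its port to 0.
--    The TNS listener stops presenting the HTTP endpoint once the
--    configuration is refreshed.
BEGIN
  DBMS_XDB.SETHTTPPORT(0);
  DBMS_XDB.CFG_REFRESH();
END;
/

-- 3. Equivalent steps for Oracle 9i Release 2, where GETHTTPPORT and
--    SETHTTPPORT are not available and the port lives in xdbconfig.xml.
--    The namespace argument is required because xdbconfig.xml uses a
--    default namespace (assumption: URI as documented for 9iR2/10g).
SELECT EXTRACTVALUE(
         DBMS_XDB.CFG_GET(),
         '/xdbconfig/sysconfig/protocolconfig/httpconfig/http-port',
         'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"') AS http_port
FROM   DUAL;

BEGIN
  DBMS_XDB.CFG_UPDATE(
    UPDATEXML(
      DBMS_XDB.CFG_GET(),
      '/xdbconfig/sysconfig/protocolconfig/httpconfig/http-port/text()',
      '0',
      'xmlns="http://xmlns.oracle.com/xdb/xdbconfig.xsd"'));
  COMMIT;
  DBMS_XDB.CFG_REFRESH();
END;
/

-- 4. Verify from the database side after the change (should now return 0),
--    then confirm from the network side that nothing answers on port 8080.
SELECT DBMS_XDB.GETHTTPPORT() AS http_port FROM DUAL;
```

Disabling the HTTP port removes the attack surface described above but also stops any application that relies on XDB's HTTP/WebDAV access; if that access is required, restrict port 8080 at the network level to the hosts that need it until the patch is applied. The same configuration also carries the XDB FTP port (default 2100), which is worth reviewing at the same time although it is not the subject of this advisory.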
Credit
This vulnerability was discovered by Pentest Limited.
Penetration Testing as a service has grown into a business in its own right, providing numerous corporations with a valuable weapon in their growing arsenal of security counter measures. Pentest Limited was set up in June 2001 to provide specialist security services to businesses across the UK, North America and Europe.
Pentest Limited offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these databases.