Pentest Security Advisory : PTL-2004-04
Vulnerability in Oracle XDB Server

Advisory Details

Title: Vulnerability in Oracle XDB Server
Announcement date: 23rd September 2004
Advisory Reference: ptl-2004-04
Products: Oracle XML Database Server
Vulnerability Type: Denial Of Service
Vendor-URL: http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf
Vendor-Status: Patch Available
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL: http://www.pentest.co.uk

Vulnerability Description

An HTTP request to the Oracle XDB Server on port 8080 that contains a malformed HTTP header can cause a denial of service condition. This allows an unauthenticated remote user to crash the Oracle database instance.

Fix / Workarounds

Apply patch #68 available from Oracle Metalink.

Credit

This vulnerability was discovered by Pentest Limited.
