Pentest Security Advisory: PTL-2004-04
Vulnerability in Oracle XDB Server
Title: Vulnerability in Oracle XDB Server
Announcement date: 23rd September 2004
Products: Oracle XML Database Server
Vulnerability Type: Denial of Service
An HTTP request to the Oracle XDB Server on port 8080 that contains a malformed HTTP header can cause a denial of service condition. This allows an unauthenticated remote user to crash the Oracle database instance.
Fix / Workarounds
Apply patch #68 available from Oracle Metalink.
This vulnerability was discovered by Pentest Limited.
Penetration testing as a service has grown into a business in its own right, providing numerous corporations with a valuable weapon in their growing arsenal of security countermeasures. Pentest Limited was set up in June 2001 to provide specialist security services to businesses across the UK, North America and Europe.
Pentest Limited offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these databases.