Pentest Security Advisory : PTL-2004-04
Vulnerability in Oracle XDB Server

Advisory Details

Title: Vulnerability in Oracle XDB Server
Announcement date: 23rd September 2004
Advisory Reference: ptl-2004-04
Products: Oracle XML Database Server
Vulnerability Type: Denial Of Service
Vendor-Status: Patch Available
Remotely Exploitable: Yes
Locally Exploitable: Yes
Advisory URL:

Vulnerability Description

An HTTP request to the Oracle XDB Server on port 8080 that contains a malformed HTTP header can cause a denial of service condition. This allows an unauthenticated remote user to crash the Oracle database instance.

Fix / Workarounds

Apply patch #68 available from Oracle Metalink.


This vulnerability was discovered by Pentest Limited

arrow morePTL-2004-05

PTL-2004-03arrow more

Security Services

Pentest offers a thorough, yet adaptive range of security services to help customers address vulnerabilities in their network or applications. Services include: Secure Coding Workshops, SAST tools, Manual Penetration Testing and Security Audits.

read more arrow more

Database Services

Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.

read more arrow more

© Copyright Pentest Limited 2001 - 2017 All Rights Reserved. Privacy statement