Oracle9i Database and Application Server SOAP DTD Denial of Service

| Secunia Advisory: | SA10936 |
| Release Date: | 2004-02-20 |
| Critical: | Moderately critical |
| Impact: | DoS |
| Where: | From remote |
| Solution Status: | Vendor Patch |
| Software: | Oracle9i Application Server, Oracle9i Database Enterprise Edition, Oracle9i Database Standard Edition |

Description:

Amit Klein has identified a vulnerability in Oracle9i Database and Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error in the XML parser when parsing the DTD (Document Type Definition) part of XML documents.

This can be exploited on SOAP-enabled servers by sending a specially crafted SOAP request, which causes a vulnerable SOAP server to consume all CPU resources for an extended period of time, as well as large amounts of memory.

The following versions are affected:
Oracle9i Application Server Release 2, version 9.0.3.0 and 9.0.3.1
Oracle9i Application Server Release 2, version 9.0.2.1 and earlier
Oracle9i Application Server Release 1, version 1.0.2.2
Oracle9i Database Server Release 2, version 9.2.0.2
Oracle9i Database Server Release 1, version 9.0.1.4
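
SOAP 1.1 forbids a Document Type Declaration in a message, so a filter in front of a SOAP endpoint can refuse any request that carries one before the server's XML parser sees it. The Python below is an added example, not Secunia's or Oracle's code; the function name `soap_prolog_verdict` and the sample requests are assumptions constructed for illustration, and the filter complements the vendor patch.

```python
import codecs

# UTF-16 byte-order marks; a body without one is decoded as UTF-8.
_BOMS = ((codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be"))

def soap_prolog_verdict(body: bytes) -> str:
    """Walk the XML prolog by hand, so no XML parser sees the request.

    Returns "accept" (root element reached, no DOCTYPE), "reject-doctype",
    or "reject-malformed" (anything the walk does not recognise).
    """
    encoding = "utf-8-sig"
    for bom, name in _BOMS:
        if body.startswith(bom):
            body, encoding = body[len(bom):], name
            break
    try:
        text = body.decode(encoding)
    except UnicodeDecodeError:
        return "reject-malformed"
    if "\x00" in text:  # NUL is not legal XML; also catches BOM-less UTF-16
        return "reject-malformed"
    pos = 0
    while True:
        while pos < len(text) and text[pos] in " \t\r\n":
            pos += 1  # whitespace between prolog items
        if text.startswith("<!--", pos):  # comment
            end, skip = text.find("-->", pos + 4), 3
        elif text.startswith("<?", pos):  # XML declaration or PI
            end, skip = text.find("?>", pos + 2), 2
        elif text.startswith("<!DOCTYPE", pos):
            return "reject-doctype"
        elif text.startswith("<", pos) and text[pos + 1:pos + 2] not in ("", "!", "/"):
            return "accept"  # first start tag: the prolog is over
        else:
            return "reject-malformed"
        if end == -1:
            return "reject-malformed"  # unterminated comment or PI
        pos = end + skip

# Constructed sample requests (harmless; the DTD declares one element).
CLEAN = (b'<?xml version="1.0"?>\n<!-- mentions <!DOCTYPE in a comment -->\n'
         b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
         b'<soap:Body/></soap:Envelope>')
WITH_DTD = (b'<?xml version="1.0"?>\n<!DOCTYPE Envelope [<!ELEMENT Envelope ANY>]>\n'
            b'<Envelope/>')

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("with DTD", WITH_DTD)):
        print(label, "->", soap_prolog_verdict(sample))
```

The walk fails closed: a prolog it cannot classify, including one in an encoding it does not decode, is rejected instead of being passed to the server.
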

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.