|
Name Shutdown unprotected TNS Listener via Oracle Discoverer Servlet [AS01]
Systems Affected Oracle Discoverer Servlet
Severity Low Risk
Category Remote D.o.S.
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 17 April 2007 (V 1.00)
Details
#######
The Oracle Discoverer Servlet contains a field for the database/tns alias. It is possible to send TNS STOP commands via this field and to shutdown unprotected Oracle TNS Listener.
This advisory is available at