TUCoPS :: Web :: Servers :: oracle14.htm

Oracle Web Listener for AIX malformed URL Denial of Service 
Vulnerability

    Oracle Web Listener

Affected

    Oracle Web Listener for AIX

Description

    Peter Grundl found following.  He tested following:

        Oracle_Web_Listener/4.0.7.0.0 for AIX
        Oracle_Web_Listener/4.0.8.1.0 for AIX

    Vulnerable is possibly other  operating systems as well,  this has
    not been tested.

    By issuing a malformed URL (variations on "..") it is possible  to
    cause a Denial of Service situation where the  Oracle_Web_Listener
    will no longer  accept HTTP requests  and the service  needs to be
    restarted.

Solution

    Systems not Affected:

        Oracle_Web_Listener/4.0.8.0.0 for Windows NT
        Oracle_Web_Listener/4.0.8.1.0 for Windows NT
        Oracle_Web_Listener/4.0.8.2.0 for Windows NT
        Oracle_Web_Listener/4.0.8.1.0 for Sun

    Older versions  are no  longer supported  since 1st  of June 2000,
    which  means  4.0.7.0.0  will  never  be fixed.  The vulnerability
    still exist in  4.0.8.1.0, and is  unlikely to have  been adressed
    in 4.0.8.2.0.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH