Oracle9i Database and Application Server SOAP DTD Denial of Service

Friday, February 20th, 2004
by Marc Erickson

“Amit Klein has identified a vulnerability in Oracle9i Database and Application Server, allowing malicious people to cause a Denial of Service.

The vulnerability is caused due to an error in the XML parser when parsing the DTD (Document Type Definition) part of XML documents.

This can be exploited on SOAP enabled servers by sending a specially crafted SOAP request, which causes a vulnerable SOAP server to consume all CPU resources for a longer period of time as well as large amounts of memory.

The following versions are affected:
Oracle9i Application Server Release 2, version 9.0.3.0 and 9.0.3.1
Oracle9i Application Server Release 2, version 9.0.2.1 and earlier
Oracle9i Application Server Release 1, version 1.0.2.2
Oracle9i Database Server Release 2, version 9.2.0.2
Oracle9i Database Server Release 1, version 9.0.1.4

Solution:
Patches are available, see Metalink Document ID 259556.1:
http://metalink.oracle.com/

What Do You Think?

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

Gadgets, Video - Oct 6, 2008

Chumby

World’s Biggest Computing Grid Launched
Monday, October 6, 2008
Viewers Will Receive Greatest Benefit In Presidential Town Hall Debate
Monday, October 6, 2008
PC Connection Extends Free Shipping Offer
Friday, October 3, 2008
Korg Kaossilator
Friday, October 3, 2008
Mandate For Biofuels Production Requires Science-Based Policy And Global Perspective
Friday, October 3, 2008

Science - Oct 3, 2008

Coastlines Could Be Protected By Invisibility Cloak

Scientists Explore Putting Electric Cars On A Two-Way Power Street
Friday, October 3, 2008
APA Letter To Bush: New Policy Limits Psychologist Involvement In Interrogations
Thursday, October 2, 2008
Sound & Vision Magazine
Thursday, October 2, 2008
Microvision RoV Wireless Laser Barcode Scanner
Thursday, October 2, 2008
Scientists Identify Gene That May Contribute To Improved Rice Yield
Thursday, October 2, 2008

Funny - Sep 30, 2008

Remember MST3K?

Flip Video Camera
Tuesday, September 30, 2008
Research Underway To Give Sleep Apnea Sufferers Relief And Rest
Tuesday, September 30, 2008
iPhone 2.0 Operating System
Monday, September 29, 2008
New Nanoscale Process Will Help Computers Run Faster And More Efficiently
Monday, September 29, 2008
Digital Camera Repair
Monday, September 29, 2008

Gadgets, Video - Sep 26, 2008

How To Avoid Slicing Yourself On Plastic Packages

Free Adeona Service Tracks Stolen Laptops
Friday, September 26, 2008
Simple Device Using Electrical Field Could Boost Gas Efficiency
Friday, September 26, 2008
How To Install A Gadget Beanbag
Thursday, September 25, 2008
Zeroing In On Wi-Fi Dead Zones
Thursday, September 25, 2008
New Research Finds Workers More Prone To Lie In Email
Thursday, September 25, 2008

64 queries / 0.284 seconds.