Oracle TimesTen 'timestend' Process Can Be Crashed By Remote Users

SecurityTracker Alert ID: 1023522
SecurityTracker URL: http://securitytracker.com/id/1023522
CVE Reference: GENERIC-MAP-NOMATCH
Date: Feb 2 2010
Impact: Denial of service via network
Exploit Included: Yes
Version(s): 7.0.5

Description:
A vulnerability was reported in Oracle TimesTen. A remote user can cause denial of service conditions.
A remote user can send a specially crafted request to TCP port 1700 to cause the target 'timestend' service to crash.
A demonstration exploit request is provided:
"GET hello?" + "&"*10000 + "=a HTTP/1.0\r\n\r\n"
The original advisory is available at:
http://intevydis.blogspot.com/2010/02/oracle-timesten-705-timestend-dos.html
Evgeny Legerov of Intevydis reported this vulnerability.
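
With no fix listed, one compensating control is to screen requests before they reach TCP port 1700. The following is an added example, not code from the advisory or from Oracle: a check for a proxy or IDS hook that flags request lines shaped like the demonstration request (oversized line, huge field count, long runs of '&'). The function name, thresholds and sample inputs are assumptions made for illustration.

```python
import re

# Thresholds are assumptions for illustration; tune them against the
# legitimate traffic actually seen on the daemon port (TCP 1700).
MAX_REQUEST_LINE = 2048  # bytes allowed in the request line
MAX_FIELDS = 100         # '&'-separated fields allowed in the query string
MAX_AMP_RUN = 8          # consecutive '&' characters allowed

_AMP_RUN = re.compile(rb"&{%d,}" % (MAX_AMP_RUN + 1))


def inspect_request(raw):
    """Return a list of reasons the request matches the malformed
    query-string shape in the advisory; an empty list means no finding."""
    reasons = []
    # Only the request line matters here; tolerate bare LF line endings.
    line = raw.split(b"\n", 1)[0].rstrip(b"\r")
    if len(line) > MAX_REQUEST_LINE:
        reasons.append("request line is %d bytes" % len(line))
    parts = line.split(b" ")
    target = parts[1] if len(parts) >= 2 else line
    _, has_query, query = target.partition(b"?")
    if has_query:
        fields = query.split(b"&")
        if len(fields) > MAX_FIELDS:
            reasons.append("query string has %d fields" % len(fields))
        if _AMP_RUN.search(query):
            reasons.append("run of more than %d '&' characters" % MAX_AMP_RUN)
    return reasons


# Constructed sample inputs (not captured traffic).
BENIGN = b"GET /status?name=a&mode=b HTTP/1.0\r\n\r\n"
# Same shape as the demonstration request quoted in the advisory.
MALFORMED = b"GET hello?" + b"&" * 10000 + b"=a HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("malformed", MALFORMED)):
        findings = inspect_request(sample)
        print(name, "->", findings or "no finding")
```

A request that returns any finding can be dropped or logged before it is forwarded to 'timestend'.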

Impact: A remote user can cause the target service to crash.
Solution: No solution was available at the time of this entry.
Vendor URL: www.oracle.com/
Cause: Exception handling error
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (Any)
Message History: None.

Source Message Contents
Date: Tue, 02 Feb 2010 07:12:08 +0000
Subject: Oracle TimesTen

http://intevydis.blogspot.com/2010/02/oracle-timesten-705-timestend-dos.html