Short Name |
DB:ORACLE:TIMES-TEN-HTTP-DOS |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle TimesTen In-Memory Database HTTP Request Denial of Service |
Release Date |
2010/09/24 |
Update Number |
1779 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in the Oracle TimesTen HTTP Server; specifically in Oracle TimesTen In-Memory Database service. It is due to an input validation error while parsing HTTP GET requests. Remote unauthenticated attackers can send a specially crafted HTTP request to the timestend daemon listening on port 17000/TCP. Successful exploitation can cause the database service to terminate abnormally, resulting in a denial-of-service condition
Oracle Times Ten In-Memory Database is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Oracle Times Ten In-Memory Database 7.0.5 is vulnerable; other versions may also be affected.