Signature Detail
Short Name |
DB:ORACLE:TIMES-TEN-HTTP-DOS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle TimesTen In-Memory Database HTTP Request Denial of Service |
Release Date |
2010/09/24 |
Update Number |
1779 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: Oracle TimesTen In-Memory Database HTTP Request Denial of Service
This signature detects attempts to exploit a known vulnerability in the Oracle TimesTen HTTP Server; specifically in Oracle TimesTen In-Memory Database service. It is due to an input validation error while parsing HTTP GET requests. Remote unauthenticated attackers can send a specially crafted HTTP request to the timestend daemon listening on port 17000/TCP. Successful exploitation can cause the database service to terminate abnormally, resulting in a denial-of-service condition
Extended Description
Oracle Times Ten In-Memory Database is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Oracle Times Ten In-Memory Database 7.0.5 is vulnerable; other versions may also be affected.
Affected Products
- Oracle TimesTen In-Memory Database 7.0.5
References