Denial of Service Vulnerability in Oracle 9i Application Server and Database Server
CVE-2004-2244

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2244?

The XML parser in various versions of Oracle 9i Application Server and Database Server is susceptible to denial of service attacks. Attackers can exploit this vulnerability by sending a specially crafted SOAP message containing a malicious Document Type Definition (DTD), leading to excessive CPU and memory consumption. This can disrupt service availability, impacting operations reliant on the affected products.

References

http://secunia.com/advisories/10936

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/15270

vdb-entryx_refsource_XF

http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jul 17, 2005
Vulnerability published
Dec 31, 2004