Denial of Service Vulnerability in Oracle 9i Application Server and Database Server
CVE-2004-2244

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Application Server
Vendor: CVE Published:; 31 December 2004

Summary

The XML parser in various versions of Oracle 9i Application Server and Database Server is susceptible to denial of service attacks. Attackers can exploit this vulnerability by sending a specially crafted SOAP message containing a malicious Document Type Definition (DTD), leading to excessive CPU and memory consumption. This can disrupt service availability, impacting operations reliant on the affected products.

References

http://secunia.com/advisories/10936

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/15270

vdb-entryx_refsource_XF

http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Jul 17, 2005
Vulnerability published
Dec 31, 2004