Denial of Service Vulnerability in Oracle Forms by Oracle
CVE-2005-3207

Currently unrated

Key Information:

Vendor: Oracle
Status: Forms
Vendor: CVE Published:; 14 October 2005

What is CVE-2005-3207?

The forms servlet in Oracle Forms version 4.5.10.22 is susceptible to a denial of service attack due to improper handling of the 'userid' parameter. Attackers can send a specially crafted request containing a 'STOP' command, which can cause the TNS listener to shut down, resulting in service disruption. This vulnerability emphasizes the importance of securing input fields to prevent unauthorized command execution that can lead to significant operational impacts.

References

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

http://secunia.com/advisories/15991/

third-party-advisoryx_refsource_SECUNIA

http://www.oracle.com/technology/deploy/security/pdf/cpuj...

x_refsource_MISC

EPSS Score

39% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 14, 2005
Vulnerability Reserved
Oct 14, 2005