DB: Oracle TimesTen In-Memory Database HTTP Request Denial of Service
This signature detects attempts to exploit a known vulnerability in the Oracle TimesTen HTTP Server; specifically in Oracle TimesTen In-Memory Database service. It is due to an input validation error while parsing HTTP GET requests. Remote unauthenticated attackers can send a specially crafted HTTP request to the timestend daemon listening on port 17000/TCP. Successful exploitation can cause the database service to terminate abnormally, resulting in a denial-of-service condition
Extended Description
Oracle Times Ten In-Memory Database is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the application to crash, denying service to legitimate users. Oracle Times Ten In-Memory Database 7.0.5 is vulnerable; other versions may also be affected.
Affected Products
Oracle timesten_in-memory_database
References
BugTraq: 38019
URL: http://intevydis.blogspot.com/2010/02/oracle-timesten-705-timestend-dos.html
Short Name
DB:ORACLE:TIMES-TEN-HTTP-DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
Database Denial HTTP In-Memory Oracle Request Service TimesTen bid:38019 of
Release Date
09/24/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/17000
False Positive
Unknown
Vendors
Oracle