Oracle 9i Application/Database Server SOAP XML DTD Denial Of Service Vulnerability

Oracle 9i Application and Database services are prone to remote denial of service attacks. This issue is reportedly triggered by passing malformed DTDs (Data Type Definitions) via XML inside of a SOAP (Simple Object Access Protocol) message.

This may be exposed if authentication for SOAP is not enabled or if the attacker is able to gain unauthorized access to SOAP services. It has been reported that authentication to SOAP is not enabled by default in Oracle9i Application Server Release 2, version 9.0.2.1 and prior, therefore increasing the chances of exploitation.


 

Privacy Statement
Copyright 2010, SecurityFocus