VULHUB ™

Oracle 9i Application and Database services are prone to remote denial of service attacks. This issue is reportedly triggered by passing malformed DTDs (Data Type Definitions) via XML inside of a SOAP (Simple Object Access Protocol) message. This may be exposed if authentication for SOAP is not enabled or if the attacker is able to gain unauthorized access to SOAP services. It has been reported that authentication to SOAP is not enabled by default in Oracle9i Application Server Release 2, version 9.0.2.1 and prior, therefore increasing the chances of exploitation.

Oracle 9i Application and Database services are prone to remote denial of service attacks. This issue is reportedly triggered by passing malformed DTDs (Data Type Definitions) via XML inside of a SOAP (Simple Object Access Protocol) message. This may be exposed if authentication for SOAP is not enabled or if the attacker is able to gain unauthorized access to SOAP services. It has been reported that authentication to SOAP is not enabled by default in Oracle9i Application Server Release 2, version 9.0.2.1 and prior, therefore increasing the chances of exploitation.