Check Point Advisories

Update Protection against Oracle XDB HTTP Buffer Overflow Vulnerability

Check Point Reference: CPAI-2006-013
Date Published: 12 Feb 2006
Severity: Medium
Last Updated: Tuesday 08 May, 2007
Source: Oracle Security Alert 58
Industry Reference: CVE-2003-0727
Protection Provided by:
Who is Vulnerable? XML Database (XDB) functionality for Oracle 9i Database Release 2
Vulnerability Description: Oracle 9i XML database suffers from a buffer overflow vulnerability. By passing an overly long username or password, an attacker can execute arbitrary code on the target system.
Vulnerability Details: The Oracle XDB can be accessed via an HTTP-based service on TCP port 8080 or an FTP-based service on TCP port 2100. To access the database, an attacker must authenticate. By authenticating using an overly long username, an attacker can overflow the buffer and execute code on the system.
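A length check on the credentials sent to the two XDB services described above, as an added example that is not Check Point's or Oracle's code. It assumes the HTTP service receives credentials in an `Authorization: Basic` header (the advisory only says the attacker must authenticate); the 128-byte threshold, the function names and the sample traffic are all constructed for illustration.

```python
import base64
import binascii

# Assumption: the advisory states no length; 128 bytes is a constructed
# threshold far above any legitimate database account name or password.
MAX_CRED_LEN = 128

def basic_credentials(value):
    """Decode an 'Authorization: Basic' value to (user, password) bytes, or None."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(blob.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    user, _, password = decoded.partition(b":")
    return user, password

def check_http_request(raw):
    """Inspect one raw HTTP request (bytes) sent to TCP port 8080."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"authorization":
            continue
        creds = basic_credentials(value.decode("latin-1"))
        for field, data in zip(("username", "password"), creds or ()):
            if len(data) > MAX_CRED_LEN:
                findings.append(("http", field, len(data)))
    return findings

def check_ftp_line(line):
    """Inspect one FTP control-channel line (bytes) sent to TCP port 2100."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    field = {b"USER": "username", b"PASS": "password"}.get(verb.upper())
    if field and len(arg) > MAX_CRED_LEN:
        return [("ftp", field, len(arg))]
    return []

# Constructed sample traffic, not captured from a real system.
def sample_request(cred):
    return (b"GET / HTTP/1.1\r\nHost: db.example\r\nAuthorization: Basic "
            + base64.b64encode(cred) + b"\r\n\r\n")

SAMPLE_OK = sample_request(b"appuser:example")
SAMPLE_LONG = sample_request(b"u" * 300 + b":pw")
```

Each finding is a `(service, field, length)` tuple, so the same rule covers the username and password cases the advisory names on both ports.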

Protection Overview
