Check Point Reference: | CPAI-2014-1343 |
Date Published: | 10 Apr 2014 |
Severity: | Critical |
Last Updated: | Tuesday 10 November, 2015 |
Source: | Oracle cpujul2008 |
Industry Reference: | CVE-2008-2595 |
Protection Provided by: |
Security Gateway |
Who is Vulnerable? | Oracle Application Server 9.0.4.3 and earlier Oracle Application Server 10.1.2.3 and earlier Oracle Identity Manager 10.1.4.2 and earlier |
Vulnerability Description | There exists a denial of service vulnerability in the Oracle Internet Directory. The vulnerability is due to a NULL pointer dereference error when processing LDAP requests. Remote unauthenticated attackers could exploit this vulnerability by sending a crafted LDAP request to create a denial of service condition on the target system. |
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: LDAP Protection Violation.
Attack Information: Oracle Internet Directory Pre-Authentication LDAP Denial of Service