CVE-2004-2244

Name of the Vulnerable Software and Affected Versions Oracle 9i Application Server Release 2 versions 9.0.2.3 and earlier, 9.0.3.0, 9.0.3.1 Oracle 9i Application Server Release 1 versions 1.0.2.2, 1.0.2.2.2 Oracle Database Server Release 2 version 9.2.0.1 and later

Description The issue allows remote attackers to cause a denial of service, consuming CPU and memory resources, by sending a crafted SOAP message containing a malicious DTD to the XML parser.

Recommendations For Oracle 9i Application Server Release 2 versions 9.0.2.3 and earlier, 9.0.3.0, 9.0.3.1, restrict access to the XML parser to minimize the risk of exploitation. For Oracle 9i Application Server Release 1 versions 1.0.2.2, 1.0.2.2.2, consider disabling the XML parser until a patch is available. For Oracle Database Server Release 2 version 9.2.0.1 and later, avoid processing SOAP messages with crafted DTDs in the XML parser until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.