PT-2005-4020 · Oracle · Tns Listener+3

Alexander Kornbrust · Published 2005-10-14 · Updated 2017-07-11 · CVE-2005-3206

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

iSQL*Plus (isqlplus) for Oracle9i Database Server version 9.0.2.4
Oracle (affected versions not specified)

Description

The issue allows remote attackers to cause a denial of service, specifically stopping the TNS listener, by sending an HTTP request with an sid parameter containing a STOP command. Additionally, there are multiple vulnerabilities in the current Oracle version that enable remote attackers to bypass security restrictions, execute arbitrary SQL commands, and access sensitive data.

Recommendations

For iSQL*Plus (isqlplus) for Oracle9i Database Server version 9.0.2.4: Avoid using the sid parameter in HTTP requests until a fix is available.
For Oracle (affected versions not specified): At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Related identifiers

CVE-2005-3206

Affected products

Oracle Database
Oracle9I Database Server
Tns Listener
Isql*Plus