PT-2008-4049 · Oracle · Oracle Application Server+1

Joxean Koret · Published 2008-07-15 · Updated 2017-09-29 · CVE-2008-2595

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Oracle Application Server versions 9.0.4.3, 10.1.2.3, 10.1.4.2

Description

The issue is an unspecified vulnerability in the Oracle Internet Directory component. Researchers claim that a malformed LDAP request triggers a NULL pointer dereference, which may cause a denial of service (crash); Oracle has not commented on this claim. The attack vector is remote.

Recommendations

For versions 9.0.4.3, 10.1.2.3, and 10.1.4.2, consider restricting access to the Oracle Internet Directory component to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit


Related identifiers

CVE-2008-2595

Affected products

Oracle Application Server
Oracle Internet Directory