CVE-2017-3567

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 11.2.0.4 and 12.1.0.2

Description The issue allows a low-privileged attacker with Create Session and Create Procedure privileges and network access via multiple protocols to compromise the OJVM component. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of OJVM, leading to a complete denial of service.

Recommendations For version 11.2.0.4, update to a version that includes the fix for this issue. For version 12.1.0.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting network access to the OJVM component to minimize the risk of exploitation.