PT-2007-3462 · Oracle · Oracle Application Server+1

Alexander Kornbrust

Published

2007-04-18

Updated

2018-10-16

CVE-2007-2120

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Oracle Application Server versions 9.0.4.3, 10.1.2.0.2, 10.1.2.2.0

Description The issue allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request. This can be achieved by using the database/TNS alias.

Recommendations For Oracle Application Server version 9.0.4.3, update to a version that includes a fix for this issue. For Oracle Application Server version 10.1.2.0.2, update to a version that includes a fix for this issue. For Oracle Application Server version 10.1.2.2.0, update to a version that includes a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2007-2120

Affected Products

Oracle Application Server

Oracle Tns Listener

PT-2007-3462 · Oracle · Oracle Application Server+1

CVE-2007-2120

Weakness Enumeration

Related Identifiers

Affected Products

References · 11