Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Oracle TimesTen In-Memory Database HTTP Request Denial of Service

Subscribe

Check Point Reference: CPAI-2010-110
Date Published:
Severity:
Last Updated:
Source: Secunia Advisory SA38446
Protection Provided by: Security Gateway
  • R75
IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Oracle TimesTen In-Memory Database 7.0.5
Vulnerability Description
A denial of service vulnerability was reported in Oracle TimesTen In-Memory Database service, a product designed for real-time data management. The vulnerability is due to an input validation error while parsing HTTP GET requests. Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted HTTP request to the target system, potentially resulting in a Denial of Service condition.
Vulnerability Details
The vulnerability is caused due to an error in the "timestend" daemon when processing HTTP requests. This can be exploited to crash the process via an overly large HTTP request sent to TCP port 17000.

Protection Overview
This protection will detect and block HTTP request to the Oracle TimesTen server where any CGI argument has a length that exceeds a given threshold.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway: R75

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > IPS Software Blade > Application Intelligence > Database Protections > Oracle.
2. In the right pane, double-click the Oracle TimesTen In-Memory Database HTTP Request Denial of Service protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Oracle Protection Violation
Attack Information: Oracle TimesTen In-Memory Database HTTP request denial of service

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?

1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Web Intelligence > WWW 2, and select the CGI Attacks protection group.
3. Click Oracle TimesTen In-Memory Database HTTP Request Denial of Service (IPS-1 NGX R65 only).
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?

Upon attack, the following entries will be logged:

Alert Name: WWW/CGI Attacks Protection Group
Description: Oracle TimesTen In-Memory Database HTTP Request Denial of Service