Check Point Advisories

Update Protection against Oracle XDB HTTP Buffer Overflow Vulnerability

Check Point Reference: CPAI-2006-013
Date Published: 12 Feb 2006
Severity: Medium
Last Updated: 8 May 2007
Source: Oracle Security Alert 58
Industry Reference: CVE-2003-0727
Protection Provided by:
Who is Vulnerable? XML Database (XDB) functionality for Oracle 9i Database Release 2
Vulnerability Description: Oracle 9i XML database suffers from a buffer overflow vulnerability. By passing an overly long username or password, an attacker can execute arbitrary code on the target system.
Vulnerability Details: The Oracle XDB can be accessed via an HTTP based service on TCP port 8080 or an FTP based service on TCP port 2100. To access the database, an attacker must authenticate. By authenticating using an overly long username, an attacker can overflow the buffer and execute code on the system.
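
A detection-side sketch of the condition described above, added here as an example and not taken from Check Point's protection or Oracle's code: it extracts the credential fields from traffic to the two XDB ports and reports any that exceed a length limit. It assumes the HTTP service authenticates with HTTP Basic; the 64-byte limit, the function names and the sample requests are hypothetical, since the advisory states no buffer size.

```python
import base64
import binascii

# Assumption: tunable placeholder; the advisory does not give a buffer size.
MAX_CRED_LEN = 64

def http_basic_credentials(request: bytes):
    """Return (user, password) from an HTTP Basic Authorization header, or None."""
    for line in request.split(b"\r\n")[1:]:
        if not line:
            break  # blank line ends the header section
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"authorization":
            continue
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() != b"basic":
            return None
        try:
            decoded = base64.b64decode(token.strip(), validate=True)
        except (binascii.Error, ValueError):
            return None  # malformed token: nothing to measure
        user, _, password = decoded.partition(b":")
        return user, password
    return None

def ftp_credential(line: bytes):
    """Return (verb, argument) for an FTP USER or PASS command, or None."""
    verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    verb = verb.upper()
    return (verb, arg) if verb in (b"USER", b"PASS") else None

def oversized_fields(port: int, payload: bytes, limit: int = MAX_CRED_LEN):
    """List (field, length) for credential fields longer than limit."""
    fields = []
    if port == 8080:  # XDB HTTP service
        creds = http_basic_credentials(payload)
        if creds:
            fields = [("http_user", creds[0]), ("http_password", creds[1])]
    elif port == 2100:  # XDB FTP service
        cred = ftp_credential(payload)
        if cred:
            fields = [("ftp_" + cred[0].decode().lower(), cred[1])]
    return [(name, len(value)) for name, value in fields if len(value) > limit]

# Constructed sample traffic (not captured from a real system).
NORMAL_HTTP = (b"GET / HTTP/1.1\r\nHost: db.example\r\nAuthorization: Basic "
               + base64.b64encode(b"scott:tiger") + b"\r\n\r\n")
LONG_HTTP = (b"GET / HTTP/1.1\r\nHost: db.example\r\nAuthorization: Basic "
             + base64.b64encode(b"scott:" + b"A" * 500) + b"\r\n\r\n")
```

The check measures the decoded credential, not the base64 text, so the limit applies to the bytes the service would actually copy.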

Protection Overview