Bugtraq mailing list archives
Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures
From: srompf () TELEMATION DE (Stefan Rompf)
Date: Wed, 23 Jul 1997 14:40:29 +0200
At 00:15 23.07.97 +0200, Simon Josefsson wrote:
Fellow bugtraqers, I stumpled over this tonight. It's a DoS-attack against a Oracle Webserver 2.1 that serves PL/SQL stored procedures.
The old Oracle Webserver 1.0.2.0.2 cannot be attacked this way. There seem to be hard limits of 32 lines HTTP-Request, 1540 chars on the GET/HEAD statement and 4096 chars on every additional header line. Stefan
Current thread:
- DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Simon Josefsson (Jul 22)
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Stefan Rompf (Jul 23)
- CPSR 7: IRIX WWW Server Corinne Posse Releases (Jul 23)
- Re: CPSR 7: IRIX WWW Server J.A. Gutierrez (Jul 23)
- SGI Security Advisory 19970701-01-PX - talkd Vulnerability SGI Security Coordinator (Jul 23)
- <Possible follow-ups>
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Ross Potts (Jul 23)
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Simon Josefsson (Jul 23)
- Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures Matthew G. Harrigan (Jul 23)