Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures

Stefan Rompf (srompf@TELEMATION.DE)
Wed, 23 Jul 1997 14:40:29 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Simon Josefsson: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Previous message: Ross Potts: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Maybe in reply to: Simon Josefsson: "DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Next in thread: Simon Josefsson: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"

At 00:15 23.07.97 +0200, Simon Josefsson wrote:

>Fellow bugtraqers, I stumpled over this tonight. It's a DoS-attack
>against a Oracle Webserver 2.1 that serves PL/SQL stored procedures.

The old Oracle Webserver 1.0.2.0.2 cannot be attacked this way. There seem
to be hard limits of 32 lines HTTP-Request, 1540 chars on the GET/HEAD
statement and 4096 chars on every additional header line.

Stefan

Next message: Simon Josefsson: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Previous message: Ross Potts: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Maybe in reply to: Simon Josefsson: "DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"
Next in thread: Simon Josefsson: "Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures"