CVE-2005-3206

Oracle9i Database Server Release 2 9.0.2.4 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3206. PoCs published by Alexander Kornbrust.

AI-analyzed exploit summary This exploit leverages a crafted HTTP request to Oracle iSQL*PLUS to stop the TNS Listener service, resulting in a denial of service (DoS). The vulnerability is triggered by injecting a malformed SID parameter containing a TNS command to stop the listener.

Description

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexander Kornbrust · textdosmultiple

https://www.exploit-db.com/exploits/26331

View Code ZIP pw:eip

This exploit leverages a crafted HTTP request to Oracle iSQL*PLUS to stop the TNS Listener service, resulting in a denial of service (DoS). The vulnerability is triggered by injecting a malformed SID parameter containing a TNS command to stop the listener.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Oracle Database 9.0.2.4 (iSQL*PLUS)

No auth needed

Prerequisites: Network access to the Oracle iSQL*PLUS service (typically port 3339)

MITRE ATT&CK