CVE-2005-3207

Oracle Forms 4.5.10.22 - Denial of Service via Userid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3207. PoCs published by Alexander Kornbrust.

AI-analyzed exploit summary This exploit demonstrates a DoS vulnerability in Oracle Forms by sending a crafted HTTP request that stops the TNS Listener service. The attack leverages a malformed connection string in the 'userid' parameter to execute the 'STOP' command.

Description

The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexander Kornbrust · textdosmultiple

https://www.exploit-db.com/exploits/26336

View Code ZIP pw:eip

This exploit demonstrates a DoS vulnerability in Oracle Forms by sending a crafted HTTP request that stops the TNS Listener service. The attack leverages a malformed connection string in the 'userid' parameter to execute the 'STOP' command.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Oracle Forms versions prior to July 2005

No auth needed

Prerequisites: Network access to the Oracle Forms server

MITRE ATT&CK