CVE-2008-2595

Oracle Internet Directory 9.0.4.3, 10.1.2.3, 10.1.4.2 - Denial of Service via Malformed LDAP Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2595. PoCs published by Joxean Koret.

AI-analyzed exploit summary This exploit targets a pre-authentication Denial of Service (DoS) vulnerability in Oracle Internet Directory 10.1.4 by sending a malformed packet to crash the service. It includes a health check to verify the success of the attack.

Description

Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Joxean Koret · pythondosmultiple

https://www.exploit-db.com/exploits/6101

View Code ZIP pw:eip

This exploit targets a pre-authentication Denial of Service (DoS) vulnerability in Oracle Internet Directory 10.1.4 by sending a malformed packet to crash the service. It includes a health check to verify the success of the attack.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Oracle Internet Directory 10.1.4

No auth needed

Prerequisites: Network access to the target LDAP service

MITRE ATT&CK