CVE-2004-2244

3 documents3 sources

Severity

5.0MEDIUM

EPSS

0.8%

top 25.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Oracle Oracle9i

Timeline

PublishedDec 31

Latest updateApr 29

Description

The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDoracle/application_server4 versions+3

▶NVDoracle/oracle9i9 versions+8

Patches

Patch: otn.oracle.com ↗Patch: secunia.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-f4jq-w2hv-rqcj: The XML parser in Oracle 9i Application Server Release 2 9↗2022-04-29

▶

CVEList

CVE-2004-2244: The XML parser in Oracle 9i Application Server Release 2 9↗2005-07-17

▶