Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3206 — Oracle Database Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

27.0%

top 3.62%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Database Server

Timeline

PublishedOct 14

Latest updateMay 1

Description

iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/database_server9.0.2.4

Patches

Patch: secunia.com ↗Patch: www.oracle.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-chv3-wh4m-6472: iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9↗2022-05-01

▶

CVEList

CVE-2005-3206: iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9↗2005-10-14

▶

💥Exploits & PoCs

Exploit-DB

Oracle 9.0 iSQL*Plus - TLS Listener Remote Denial of Service↗2005-10-07

▶