COMMAND

    Oracle Web Listener

SYSTEMS AFFECTED

    Oracle Web Listener for AIX

PROBLEM

    Peter Grundl found the following. He tested these versions:

        Oracle_Web_Listener/4.0.7.0.0 for AIX
        Oracle_Web_Listener/4.0.8.1.0 for AIX

    Other operating systems are possibly vulnerable as well; this has
    not been tested.

    By issuing a malformed URL (variations on "..") it is possible to
    cause a Denial of Service situation where the Oracle_Web_Listener
    will no longer accept HTTP requests and the service needs to be
    restarted.

SOLUTION

    Systems not Affected:

        Oracle_Web_Listener/4.0.8.0.0 for Windows NT
        Oracle_Web_Listener/4.0.8.1.0 for Windows NT
        Oracle_Web_Listener/4.0.8.2.0 for Windows NT
        Oracle_Web_Listener/4.0.8.1.0 for Sun

    Older versions have not been supported since 1st of June 2000,
    which means 4.0.7.0.0 will never be fixed. The vulnerability
    still exists in 4.0.8.1.0, and is unlikely to have been addressed
    in 4.0.8.2.0.
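
    Because the affected versions may stay unpatched, requests with
    ".." variations can be screened in front of the listener or
    hunted for in its access logs. The following is an added example,
    not part of the original advisory or any Oracle code. The log
    format, the sample lines, the function names, and the assumption
    that the relevant variations are dot-only path segments (plain,
    percent-encoded, or backslash-separated) are constructed for
    illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap nested percent-encoding

# Assumed Common Log Format: client ... "METHOD target HTTP/x.y" status size
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+)(?: HTTP/[\d.]+)?"')

def normalize_target(target: str) -> str:
    """Drop the query, percent-decode until stable, unify path separators."""
    path = target.split("?", 1)[0]
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def has_dotdot(target: str) -> bool:
    """True if any normalized path segment consists only of two or more dots."""
    segments = normalize_target(target).split("/")
    return any(re.fullmatch(r"\.{2,}", seg.strip()) for seg in segments)

def flag_requests(lines):
    """Return (client, raw_target) for each log line whose target has a '..' segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and has_dotdot(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jun/2000:10:00:05 +0000] "GET /docs/../admin/ HTTP/1.0" 404 0',
    '192.0.2.12 - - [01/Jun/2000:10:00:09 +0000] "GET /%2e%2e/%2e%2e/ HTTP/1.0" 404 0',
    '192.0.2.13 - - [01/Jun/2000:10:00:12 +0000] "GET /a/%252e%252e%5cb HTTP/1.0" 404 0',
    '192.0.2.14 - - [01/Jun/2000:10:00:20 +0000] "GET /release..notes.txt HTTP/1.0" 200 90',
]

if __name__ == "__main__":
    for client, target in flag_requests(SAMPLE_LOG):
        print(f"dot-dot segment from {client}: {target}")
```

    The same has_dotdot() check can back a reject rule in a reverse
    proxy placed in front of the listener.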