Description

The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to shut down an Oracle TNS Listener via a TNS STOP command in a request that uses the database/TNS alias, aka AS01.

Remediation

References

CVE-2007-2120

Related Vulnerabilities

Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9947)

WordPress Plugin Data Tables Generator by Supsystic Cross-Site Scripting (1.10.19)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35463)

WordPress Plugin Watu Quiz Cross-Site Scripting (3.3.8.2)

Joomla! Core 2.5.x Clickjacking Vulnerability (2.5.0 - 2.5.7)

Severity

High

Classification

CVE-2007-2120

Tags

Missing Update Known Vulnerabilities