mailing list archives
Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures
From: srompf () TELEMATION DE (Stefan Rompf)
Date: Wed, 23 Jul 1997 14:40:29 +0200
At 00:15 23.07.97 +0200, Simon Josefsson wrote:
Fellow bugtraqers, I stumpled over this tonight. It's a DoS-attack
against a Oracle Webserver 2.1 that serves PL/SQL stored procedures.
The old Oracle Webserver 188.8.131.52.2 cannot be attacked this way. There seem
to be hard limits of 32 lines HTTP-Request, 1540 chars on the GET/HEAD
statement and 4096 chars on every additional header line.