[4995] in bugtraq
Re: DoS against Oracle Webserver 2.1 with PL/SQL stored procedures
daemon@ATHENA.MIT.EDU (Simon Josefsson)
Wed Jul 23 13:36:38 1997
Date: Wed, 23 Jul 1997 15:14:36 +0200
Reply-To: Simon Josefsson <jas@PDC.KTH.SE>
From: Simon Josefsson <jas@PDC.KTH.SE>
X-To: Ross Potts <rpotts@med.osd.mil>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: "Ross Potts"'s message of "Wed, 23 Jul 1997 07:22:00 -0400"
"Ross Potts" <rpotts@med.osd.mil> writes:
> The server dumps quietly because the DBA probably hasn't set up the
> database correctly.
I still think the web server should log the GET string to the
apropriate logs, and stuff like that -- I can't see how that could
depend on how the DB is set up.
O well, let's see if publishing this causes Oracle to do anything --
I've mailed and phoned their support about things that provokes
internal errors but they haven't answered (not even saying they where
looking at the problem). As I hear Oracle's support is good, they
probably just hates me.
Take care,
Simon
