Lucene search
John Simpson of Trend Micro Security ResearchZDI-21-1231HistoryOct 21, 2021 - 12:00 a.m.
Oracle E-Business Suite Content-Length Memory Exhaustion Denial-Of-Service Vulnerability
2021-10-2100:00:00
John Simpson of Trend Micro Security Research
www.zerodayinitiative.com
8
0.015 Low
EPSS
Percentile
86.7%
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Oracle E-Business Suite. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the Content-Length HTTP header. The issue results from the lack of proper validation of user-supplied data, which can result in a memory exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Related
prion
prion
Design/Logic Flaw
2021-10-20 11:17:00
cvelist
cvelist
CVE-2021-35611
2021-10-20 10:50:49
cve
cve
CVE-2021-35611
2021-10-20 11:17:09
cnvd
cnvd
Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02348)
2021-10-20 00:00:00
nvd
nvd
CVE-2021-35611
2021-10-20 11:17:09
nessus
nessus
Oracle E-Business Suite Multiple Vulnerabilities (Oct 2021 CPU)
2021-10-21 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00