Intrusion Prevention

Oracle.TimesTen.Format.String

Description

This indicates an attempt to exploit a format string vulnerability in Oracle TimesTen server.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious command received from clients. It allows a remote attacker to cause a crash of the vulnerable software by sending a crafted http request.

Affected Products

Oracle TimesTen prior to version 7.0.5.1.0.

Impact

Denial of Service: Remote attackers can cause vulnerable systems to crash.

Recommended Actions

Refer to the vendor's web site for suggested workground:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

CVE References

CVE-2008-5440