Oracle TimesTen In-Memory Database HTTP Request Denial of Service
FSCID FSC20100201-03
CVEID(s)
Severity High
Description

A denial of service vulnerability exists in Oracle TimesTen In-Memory Database service. The vulnerability is due to an input validation error while parsing HTTP GET requests. Remote unauthenticated attackers can exploit this vulnerability by sending a specially crafted HTTP request to the timestend daemon listening on port 17000/TCP.

Successful exploitation would cause the database service to terminate abnormally, resulting in a denial-of-service condition.

Affected Products
  • Oracle TimesTen In-Memory Database (7.0.5)
CVSS Score
Base:
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal:
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is UNAVAILABLE
  • The report confidence level of this vulnerability is UNCORROBORATED