Oracle TimesTen In-Memory Database HTTP Request Denial of Service
TSL ID FSC20100201-03
CVE ID(s) Not available.
Severity High
Description

A denial of service vulnerability has been reported in the Oracle TimesTen In-Memory Database service. The vulnerability is due to an input validation error while parsing specially crafted HTTP GET requests. Remote unauthenticated attackers can exploit this vulnerability by sending an overly large HTTP request to the 'timestend' daemon running on port 17000/TCP.

Successful exploitation would cause the database service to terminate abnormally, resulting in a denial of service condition.

A patch or new revision is not available as of now. As a workaround, allow only trusted users to access the affected service.

Affected Products
  • Oracle TimesTen In-Memory Database 7.0.5
CVSS Score Base 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C):
  • Access vector is NETWORK
  • Access complexity is LOW
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is NONE
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is COMPLETE
Temporal 6.7 (E:POC/RL:U/RC:UR):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is UNAVAILABLE
  • The report confidence level of this vulnerability is UNCORROBORATED