A remote attacker could exploit the vulnerability without authentication and without the need for user interaction. These factors increase the likelihood of attacks. Proof-of-concept code is available that demonstrates a DoS condition on both 32-bit and 64-bit platforms. According to the researcher, the code causes application termination on 32-bit platforms almost instantly; however, on 64-bit platforms an application failure may take several hours.
The failure of a directory server application could affect other applications as well. Any applications that must make LDAP requests as a part of normal operations may be rendered unavailable.
Oracle scored this vulnerability with a nonstandard Partial+
score for the CVSS Availability metric. This scoring indicates that Oracle believes the vulnerability could cause a complete DoS condition on the affected Oracle Application Server process, resulting in a greater-than-normal availability impact.