|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
|
Description |
Oracle Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the UPDATE_JOB, ACTIVE_JOB, ATTACH_POSSIBLE, ATTACH_TO_JOB, CREATE_NEW_JOB, DELETE_JOB, DELETE_MASTER_TABLE, DETACH_JOB, GET_JOB_INFO, GET_JOB_QUEUES, GET_SOLE_JOBNAME, MASTER_TBL_LOCK and VALID_HANDLE functions not properly sanitizing user-supplied input to unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Rumored / Private
Disclosure:
OSVDB Verified,
Vendor Verified
OSVDB:
Web Related
|
|
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle Corporation has released a patch to address this vulnerability.
|
|
Products |
|
Oracle Database
 |
Standard Edition 0.4.2 |
Standard Edition 0.4 |
Standard Edition 0.3.1 |
Standard Edition 0.3 |
Standard Edition 0.2 |
Enterprise Edition 0.2 |
Application Server 0.4.2 |
Application Server 0.4 |
Application Server 0.3 |
Application Server 0.2 |
Personal Edition 0.5 |
Personal Edition 0.3.1 |
Personal Edition 0.4.2 |
Personal Edition 0.4 |
Personal Edition 0.3 |
Personal Edition 0.2 |
Enterprise Edition 0.4.2 |
Enterprise Edition 0.4 |
Enterprise Edition 0.3.1 |
Enterprise Edition 0.3 |
Application Server 0.3.1 |
|
|
|
|
Credit |
- Alexander Kornbrust - ak
 red-database-security.com - Red Database Security GmbH
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
