Signature Detail
Short Name |
DB:ORACLE:WAREHOUSE-SHADOWTABLE |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL Injection |
Release Date |
2011/07/25 |
Update Number |
1960 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+ |
DB: Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL Injection
This signature detects attempts to exploit a known vulnerability in the Oracle Warehouse Builder. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
Oracle Database Server is prone to a remote vulnerability in Oracle Warehouse Builder. The vulnerability can be exploited over the 'Oracle Net' protocol. For an exploit to succeed, the attacker must have 'Oracle Warehouse Builder User Account' privileges. This vulnerability affects the following supported versions: 10.2.0.5 (OWB), 11.1.0.7, 11.2.0.1
Affected Products
- Oracle Oracle10g Enterprise Edition 10.2.0 .5
- Oracle Oracle10g Enterprise Edition 11.1.0.7
- Oracle Oracle10g Enterprise Edition 11.2.0.1
- Oracle Oracle10g Standard Edition 10.2.0 .5
References
- BugTraq: 47431
- CVE: CVE-2011-0799