Short Name |
HTTP:ORACLE:SBA-CMD-INJ |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Secure Backup Administration Bypass |
Release Date |
2009/09/18 |
Update Number |
1508 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Secure Backup Administration Server. A successful attack can lead to arbitrary code execution.
Oracle Secure Backup is prone to a remote arbitrary command-execution vulnerability that can be exploited over the 'HTTP' protocol. An authenticated attacker with 'Valid Session' privileges can exploit this issue. The attacker can leverage this issue to execute arbitrary commands with Oracle SYSTEM account privileges.