Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:ORACLE:SBAS-AUTH-BYPASS

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Oracle Secure Backup Administration Server Authentication Bypass

Release Date

 2009/08/21

Update Number

 1496

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

APP: Oracle Secure Backup Administration Server Authentication Bypass


This signature detects attempts to exploit a known vulnerability in Oracle Secure Backup 10.2.0.3 and prior. A successful attack can bypass authentication and allow arbitrary command execution within the context of the user account, typically administrator.

Extended Description

Oracle Secure Backup is prone to a remote authentication-bypass vulnerability that can be exploited over the 'HTTP' protocol. An attacker doesn't require privileges to exploit this vulnerability. The attacker can leverage this issue to gain administrative access to the affected application. This vulnerability affects versions prior to Oracle Secure Backup 10.2.0.3.

Affected Products

  • Oracle Secure Backup 10.1.0.1
  • Oracle Secure Backup 10.1.0.2
  • Oracle Secure Backup 10.1.0.3
  • Oracle Secure Backup 10.2.0.2
  • Oracle Secure Backup 10.3.0.1.0

References

  • BugTraq: 35672
  • CVE: CVE-2009-1977
  • URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out