Signature Detail
Short Name |
DB:ORACLE:WAREHOUSE-BUILDER |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle Warehouse Builder Multiple SQL Injections |
Release Date |
2011/07/21 |
Update Number |
1959 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
DB: Oracle Warehouse Builder Multiple SQL Injections
This signature detects attempts to exploit a known vulnerability in Oracle Warehouse Builder. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
Oracle Database Server is prone to a remote vulnerability in Oracle Warehouse Builder. The vulnerability can be exploited over the 'Oracle Net' protocol. For an exploit to succeed, the attacker must have 'Oracle Warehouse Builder User Account' privileges. This vulnerability affects the following supported versions: 10.2.0.5 (OWB), 11.1.0.7, 11.2.0.1
Affected Products
- Oracle Oracle10g Enterprise Edition 10.2.0 .5
- Oracle Oracle10g Enterprise Edition 11.1.0.7
- Oracle Oracle10g Enterprise Edition 11.2.0.1
- Oracle Oracle10g Standard Edition 10.2.0 .5
References
- BugTraq: 47431
- CVE: CVE-2011-0799