Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:ORACLE:SBA-CMD-INJ

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Oracle Secure Backup Administration Bypass

Release Date

 2009/09/18

Update Number

 1508

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle Secure Backup Administration Bypass


This signature detects attempts to exploit a known vulnerability against Secure Backup Administration Server. A successful attack can lead to arbitrary code execution.

Extended Description

Oracle Secure Backup is prone to a remote arbitrary command-execution vulnerability that can be exploited over the 'HTTP' protocol. An authenticated attacker with 'Valid Session' privileges can exploit this issue. The attacker can leverage this issue to execute arbitrary commands with Oracle SYSTEM account privileges.

Affected Products

  • Oracle Secure Backup 10.1.0.1
  • Oracle Secure Backup 10.1.0.2
  • Oracle Secure Backup 10.1.0.3
  • Oracle Secure Backup 10.2.0.2
  • Oracle Secure Backup 10.3.0.1.0

References

  • BugTraq: 41616
  • BugTraq: 35678
  • CVE: CVE-2010-0899
  • CVE: CVE-2009-1978

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out