APP: Oracle Secure Backup Administration Server Authentication Bypass

This signature detects attempts to exploit a known vulnerability in Oracle Secure Backup 10.2.0.3 and prior. A successful attack can bypass authentication and allow arbitrary command execution within the context of the user account, typically administrator.

Extended Description

Oracle Secure Backup is prone to a remote authentication-bypass vulnerability that can be exploited over HTTP. No privileges are required to exploit it, and an attacker can leverage the issue to gain administrative access to the affected application. This vulnerability affects versions prior to Oracle Secure Backup 10.2.0.3.

Affected Products

Oracle secure_backup

Short Name: APP:ORACLE:SBAS-AUTH-BYPASS
Severity: Major
Recommended: False
Recommended Action: Drop
Category: APP
Keywords: Administration Authentication Backup Bypass CVE-2009-1977 Oracle Secure Server bid:35672
Release Date: 08/21/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3730
False Positive: Unknown
Vendors

Oracle

CVSS Score

10.0
