APP: Oracle WebUI Command Injection

This signature detects attempts to inject server commands via a WebUI restart. A successful exploitation can allow the attacker to execute arbitrary commands.

Extended Description

Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. There have also been reports that issues covered in this BID and resolved in the referenced Oracle patch include trigger-abuse issues, character-set-conversion bugs, and denial-of-service vulnerabilities. More information is pending. Note that a number of unsupported versions of affected products may also potentially be vulnerable.

Affected Products

Oracle oracle9i_lite

References

BugTraq: 10871

CVE: CVE-2004-1370

URL: http://www.red-database-security.com/advisory/oracle_forms_shutdown.html http://www.us-cert.gov/cas/techalerts/TA04-245A.html http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

Short Name

APP:ORACLE:WEBUI-CMD-INJ

Severity

Minor

Recommended

False

Recommended Action

None

APP: Oracle WebUI Command Injection

Extended Description

Affected Products

References

Found a potential security threat?