DB: TNS Declare/Exec SQL Injection
This signature detects a possible attempt at SQL injection. An attacker can use SQL over TNS to "declare" a variable (varchar) with an exploit encoded inside it. An "exec" command executed on the variable then executes the encoded exploit. These functions have non-malicious application and therefore should only be used between an HTTP server front-end and the Oracle database server back-end, and not between an administrator's management station and the database server or false positives can result.
Short Name
DB:ORACLE:DECLARE-EXEC
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
Declare/Exec Injection SQL TNS
Release Date
02/26/2009
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown