DB: Oracle PITRIG TRUNCATE DROP Injection
This signature detects attempts to exploit a known vulnerability against Oracle Database Server XDB. A successful attack can allow attackers to inject SQL statements without authentication.
Extended Description
Oracle has released its critical patch update for January 2008. The advisory addresses 26 vulnerabilities affecting Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle Enterprise Manager, and Oracle People Soft Enterprise. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly compromise affected computers.
Affected Products
Oracle oracle10g_application_server
References
BugTraq: 27229
CVE: CVE-2008-0339
URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
Short Name
DB:ORACLE:PITRIG-TRUNC-DROP
Severity
Major
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
CVE-2008-0339 DROP Injection Oracle PITRIG TRUNCATE bid:27229
Release Date
02/21/2008
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3729
False Positive
Unknown
Vendors
Oracle
CVSS Score
10.0