DB: Oracle ISQL*Plus load.uix Access
This signature detects access to the load.uix file on an SQL server. This webserver allows read access to any file on the server allowable by the service process. An attacker could obtain sensitive server configuration information such as /etc/passwd or c:\boot.ini.
Extended Description
Reportedly, multiple unspecified Oracle products contain multiple unspecified vulnerabilities. The reported vulnerabilities include SQL-injection issues, buffer-overflow issues, and others. There have also been reports that issues covered in this BID and resolved in the referenced Oracle patch include trigger-abuse issues, character-set-conversion bugs, and denial-of-service vulnerabilities. More information is pending. Note that a number of unsupported versions of affected products may also potentially be vulnerable.
Affected Products
Oracle oracle9i_lite
Short Name
DB:ORACLE:SQL-PLUS-LOAD-UIX
Severity
Warning
Recommended
False
Recommended Action
None
Category
DB
Keywords
Access CVE-2004-1368 ISQL*Plus Oracle bid:10871 load.uix
Release Date
03/03/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/5560
False Positive
Unknown
Vendors
Oracle
Sun
CVSS Score
7.8