DB: Oracle Warehouse Builder Multiple SQL Injections
This signature detects attempts to exploit a known vulnerability in Oracle Warehouse Builder. It is due to insufficient validation of user-supplied input. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
Extended Description
Oracle Database Server is prone to a remote vulnerability in Oracle Warehouse Builder. The vulnerability can be exploited over the 'Oracle Net' protocol. For an exploit to succeed, the attacker must have 'Oracle Warehouse Builder User Account' privileges. This vulnerability affects the following supported versions: 10.2.0.5 (OWB), 11.1.0.7, 11.2.0.1
Affected Products
Oracle oracle10g_enterprise_edition
References
BugTraq: 47431
CVE: CVE-2011-0799
URL: http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
Short Name
DB:ORACLE:WAREHOUSE-BUILDER
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
DB
Keywords
Builder CVE-2011-0799 Injections Multiple Oracle SQL Warehouse bid:47431
Release Date
07/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3660
False Positive
Unknown
Vendors
Oracle
CVSS Score
6.5