HTTP: SQL Injection Detected on HTTP Request Variable 2
This signature detects specific characters, typically used in SQL procedures, within an HTTP connection. Because these characters are not normally used in HTTP, this can indicate a SQL injection attack through a procedure. However, it can be a false positive. To reduce False Positives, it is strongly recommended that these signatures only be used to inspect traffic from the Internet to your organization's web servers that use SQL backend databases to generate content and not to inspect traffic going from your organization to the Internet.
Extended Description
Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0518.
Affected Products
Oracle e-business_suite
References
BugTraq: 40430 39795 37938 45503 41058 22808 37703 68495
CVE: CVE-2018-6577
URL: http://seclists.org/fulldisclosure/2014/Jul/44 https://gist.github.com/brandonprry/76741d9a0d4f518fe297
Short Name
HTTP:SQL:INJ:REQ-VAR-2
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
2 CVE-2007-1297 CVE-2010-0461 CVE-2010-0678 CVE-2010-0723 CVE-2010-0763 CVE-2010-1045 CVE-2010-1069 CVE-2010-2051 CVE-2010-2148 CVE-2010-2513 CVE-2010-2853 CVE-2010-3029 CVE-2010-4614 CVE-2010-5083 CVE-2011-4026 CVE-2014-4977 CVE-2016-0517 CVE-2017-8917 CVE-2018-6577 CVE-2018-8734 Detected HTTP Injection Request SQL Variable bid:22808 bid:37703 bid:37938 bid:39795 bid:40430 bid:41058 bid:45503 bid:68495 on
Release Date
03/02/2015
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3337
False Positive
Frequently
Vendors
Oracle
CVSS Score
7.5
6.5
6.8
6.4