Short Name |
APP:ORACLE:SBAS-AUTH-BYPASS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Oracle Secure Backup Administration Server Authentication Bypass |
Release Date |
2009/08/21 |
Update Number |
1496 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in Oracle Secure Backup 10.2.0.3 and prior. A successful attack can bypass authentication and allow arbitrary command execution within the context of the user account, typically administrator.
Oracle Secure Backup is prone to a remote authentication-bypass vulnerability that can be exploited over the 'HTTP' protocol. An attacker doesn't require privileges to exploit this vulnerability. The attacker can leverage this issue to gain administrative access to the affected application. This vulnerability affects versions prior to Oracle Secure Backup 10.2.0.3.