Short Name |
DB:ORACLE:CREATE_TABLES-INJ |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
DB |
Keywords |
Oracle CREATE_TABLES SQL Injection |
Release Date |
2009/11/11 |
Update Number |
1551 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Oracle Database versions 9i Release 2 9.2.0.8DV, 9i Release 2 9.2.0.8, 10g 10.1.0.5; and 10g Release 2 10.2.0.4, and the CTXSYS.DRVXTABC.CREATE_TABLES function. A successful attack can lead to arbitrary SQL command execution.
Oracle Database is prone to an SQL-injection vulnerability in Oracle Text. The vulnerability can be exploited over the 'Oracle Net' protocol. For an exploit to succeed, the attacker must have 'Execute on CTXSYS.DRVXTABC' privileges. Exploiting this issue could allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This vulnerability affects the following supported versions: 9.2.0.8 9.2.0.8DV 10.1.0.5 10.2.0.4