Short Name |
DB:ORACLE:USERNAME-DUMP |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
DB |
Keywords |
Oracle Username Dump |
Release Date |
2004/09/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against an Oracle database. Attackers can send SQL queries for the list of all usernames permitted to access the database. Although these queries can occur during normal DB operations, they can indicate that an attacker is attempting to enumerate valid DB users.
An attempt to obtain the list of all the user names in an Oracle database may indicate that a SQL injection attack attempt is underway.