Short Name |
DB:ORACLE:SYS:KUPVFT-UNSAFE |
---|---|
Severity |
Major |
Recommended |
No |
Category |
DB |
Keywords |
Oracle SYS.KUPV Unsafe Command |
Release Date |
2007/03/05 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Oracle Database SYS.KUPV module. A successful attack can lead to arbitrary code execution.
Oracle 10g is prone to multiple SQL-injection vulnerabilities. These issues affect various functions of the 'SYS.KUPV$FT' package. Exploiting these vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. Successful exploitation may allow the attacker to compromise the application, retrieve sensitive information, or modify data; other consequences are possible as well. Oracle 10g Release 1 and prior versions are considered vulnerable to these issues. These issues are part of the vulnerabilities addressed by Oracle in Oracle Critical Patch Update - January 2006. Please see BID 16287 (Oracle January Security Update Multiple Vulnerabilities) for more information.