Oracle Database Server SQL Injection in SYS.DBMS_SQLTUNE_INTERNAL package
Gravità: : Critico
Identificatori CVE: CVE-2006-5338
Data notifica: 21 luglio 2015
Descrizione
Unspecified vulnerability in the Core RDBMS component in Oracle Database 10.1.0.5 and 10.2.0.0 has unknown impact and remote authenticated attack vectors related to sys.dbms_sqltune, aka Vuln# DB10. NOTE: as of 20061023, Oracle has not disputed reports from reliable third parties that DB10 is for SQL injection in DROP_SQLSET, DELETE_SQLSET, SELECT_SQLSET, and I_SET_TUNING_PARAMETER. NOTE: some of these vectors might be in DBMS_SQLTUNE_INTERNAL.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000824
Trend Micro Deep Security DPI Rule Name: 1000824 - Oracle Database Server SQL Injection In Multiple Procedures Of DBMS_SQLTUNE_INTERNAL Package
Software e versione interessati:
- Oracle Oracle10g Database Server 10.1.0.5
- Oracle Oracle10g Database Server 10.2.0.0