Oracle Database Server SQL Injection In GRANT_TYPE_ACCESS Procedure Of DBMS_AQADM_SYS Package
Publish Date: 21 de lipca de 2015
Severity: : Medium
CVE Kennungen: : CVE-2009-0977
Advisory Date: 21 de lipca de 2015
DESCRIPTION
Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_AQIN. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is SQL injection in the GRANT_TYPE_ACCESS procedure in the DBMS_AQADM_SYS package.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003434
Trend Micro Deep Security DPI Rule Name: 1003434 - Oracle Database Server SQL Injection In GRANT_TYPE_ACCESS Procedure Of DBMS_AQADM_SYS Package
AFFECTED SOFTWARE AND VERSION:
- oracle database_10g 10.1.0.5
- oracle database_10g 10.2.0.3
- oracle database_9i 9.2.0.8
- oracle database_9i 9.2.0.8dv