Multiple SQL-injection vulnerabilities in Oracle 9i Application Server and RDBMS

Reported November 5, 2003, by NGSSoftware.

 

 

VERSIONS AFFECTED

 

  • Oracle9i Application Server Releases 1 and 2

  • Oracle Relational Database Management System (RDBMS)

 

DESCRIPTION

 

Multiple SQL-injection vulnerabilities in Application Server and RDBMS can result in remote compromise of the vulnerable server. Many of the Procedural Language/SQL (PL/SQL) packages and procedures that Application Server uses are vulnerable to SQL injection. An unauthenticated attacker can exploit these vulnerabilities to gain access from the Internet to all data in the database.

 

VENDOR RESPONSE

 

Oracle has released an alert regarding this vulnerability.

 

CREDIT
 

Discovered by NGSSoftware.
