Summary
This host is running an Oracle database or application server and is prone to a SQL command execution vulnerability.
Impact
Successful exploitation allows an attacker to send a specially crafted HTTP request that bypasses the PLSQLExclusion list and executes SQL commands on the back-end database with DBA privileges.
Impact Level: Application
Solution
Apply the patches from the link below:
http://www.oracle.com/technetwork/topics/security/cpuapr2006-090826.html
Insight
The flaw is due to an error in the Oracle PL/SQL Gateway, which fails to properly validate user-supplied HTTP requests.
Affected
Oracle Database server versions 9.2.0.7 and 10.1.0.5
Oracle Application server versions 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1 and 10.1.3.0.0
References
Severity
Classification
CVE: CVE-2006-0435
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P