Oracle XSQL Sample Application Vulnerability Network Vulnerability

Summary

One of the sample applications that comes with the Oracle XSQL Servlet allows an attacker to make arbitrary queries to the Oracle database (under an unprivileged account). Whilst not allowing an attacker to delete or modify database contents, this flaw can be used to enumerate database users and view table names.

Solution

Sample applications should always be removed from production servers. Reference : http://www.kb.cert.org/vuls/id/717827

Severity

Classification

CVE CVE-2002-1630, CVE-2002-1631, CVE-2002-1632

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Assesi 'bg' Parameter SQL Injection vulnerability
AlienVault OSSIM Multiple Remote Code Execution Vulnerabilities
Arkeia Appliance Multiple Vulnerabilities
ASP Inline Corporate Calendar SQL injection
'research_display.php' SQL Injection Vulnerability

Take action and discover your vulnerabilities