Oracle.Secure.Backup.Cookies.Command.Injection

Description

This indicates an attack attempt against a command-injection vulnerability in Oracle Secure Backup.
The vulnerability is caused by an error when the CGI program "login.php" handles a specially crafted HTTP request. It allows a remote attacker to inject arbitrary commands.

Affected Products

Oracle Secure Backup 10.2.0.3
Oracle Secure Backup 10.2.0.2
Oracle Secure Backup 10.1.0.3
Oracle Secure Backup 10.1.0.2
Oracle Secure Backup 10.1.0.1

Impact

System Compromise

Recommended Actions

Apply the patch available at the following website:

Coverage

IPS (Regular DB)
IPS (Extended DB)