Oracle.Secure.Backup.Administration.Other.Code.Execution
Description
This indicates an attack attempt against a command-injection vulnerability in Oracle Secure Backup.
A vulnerability has been reported in Oracle Secure Backup that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the "other" parameter value that is passed to "property_box.php". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.
Affected Products
Oracle Secure Backup 10.3.0.1 and prior versions
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's web site for the suggested workaround:
http://www.oracle.com/technetwork/topics/security/cpujul2010-155308.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |