Oracle.Virtual.Server.Agent.Command.Injection
Description
This indicates an attack attempt against a Command Injection vulnerability in Oracle VM.
The vulnerability is caused by a flaw related to the "ovs-agent" subcomponent's exposure of multiple functions through XML-RPC. It allows a remote authenticated attacker to use the "validate_master_ip" or "utl_test_url" functions to inject arbitrary commands via the "proxy" parameter.
Affected Products
Oracle Virtual Server Agent 2.3
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor's website for suggested workaround.
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |