[NEWS] Oracle CTX_DOC Package Multiple SQL Injection Flaws
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 21 Oct 2007 16:32:09 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
Oracle CTX_DOC Package Multiple SQL Injection Flaws
The Intermedia application in Oracle 10g release 1 and 2 is vulnerable to
* Oracle 10g release 1
* Oracle 10g release 2
The Intermedia application, owned by CTXSYS, contains a package called
CTX_DOC. This package contains multiple SQL injection flaws. The following
procedures on this package provide vectors for SQL injection attacks:
These can be exploited by a database user; further they can be exploited
via Oracle Application Server by an attacker without a user ID and
password across the Internet.
Oracle was alerted to these flaws on the 6th of June 2005. A patch has now
been made available:
The information has been provided by <mailto:davidl@xxxxxxxxxxxxxxx>
The original article can be found at:
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Microsoft WM5 PocketPC Phone Ed SMS Handler Issue
- Next by Date: [NEWS] Oracle XMLDB FTP Service Audit Log Vulnerability
- Previous by thread: [NT] Microsoft WM5 PocketPC Phone Ed SMS Handler Issue
- Next by thread: [NEWS] Oracle XMLDB FTP Service Audit Log Vulnerability