| VID | 22231 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
The Oracle 9iAS Portal demo pages (PORTAL_DEMO.ORG_CHART) are accessible via mod_plsql and may allow a remote unauthenticated attacker to inject malicious SQL syntax into database queries through a URL. Oracle's RDBMS supports stored packages and procedures written in PL/SQL, and these can be invoked through the Portal module of Oracle Application Server, a web server designed for Oracle applications. Many of these PL/SQL packages and procedures are vulnerable to SQL injection. Oracle9i Application Server Portal Release 1 versions 3.0.9.8.5 and earlier, and Portal Release 2 versions 9.0.2.3.0 and earlier, are vulnerable to SQL injection caused by a vulnerability in the List of Values (LOVs), Portal DB Provider Forms, Portal DB Provider Hierarchy, and Portal DB Provider XML components. A remote unauthenticated attacker could send a specially crafted URL request containing arbitrary SQL code to gain unauthorized access to user data, allowing the attacker to add, modify or delete user data in the Oracle9i Application Server.
* References:
  * http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf
  * http://www.securiteam.com/securitynews/6C0021P8UQ.html
  * http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0032.html
* Platforms Affected:
  * Oracle9i Application Server Portal Release 1, v3.0.9.8.5 and earlier
  * Oracle9i Application Server Portal Release 2, v9.0.2.3.0 and earlier
  * Windows, any version
  * Unix, any version
  * Linux, any version |
| Recommendation |
Apply the appropriate patch for your system, as listed in Oracle Security Alert #61, http://otn.oracle.com/deploy/security/pdf/2003alert61_2.pdf
Oracle has released patch 3068980 for Portal Release 1 version 3.0.9.8.5 and patch 2852895 for Portal Release 2 version 9.0.2.3.0. Users may download the patches from Oracle's MetaLink site at http://metalink.oracle.com .
-- OR --
As a workaround, revoke the EXECUTE privilege granted to PUBLIC on the PL/SQL package in schema PORTAL_DEMO (REVOKE execute ON portal_demo.org_chart FROM public;). Because the demo pages are reached through mod_plsql, removing the PUBLIC grant means the web-exposed package can no longer be executed by unauthenticated callers, even if it remains installed. |
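The workaround above revokes PUBLIC execute on one package. The PL/SQL block below is an added example (not part of the advisory or Oracle's own patch) that generalizes it: it lists every PUBLIC EXECUTE grant in the PORTAL_DEMO schema from DBA_TAB_PRIVS so an administrator can confirm nothing else in the demo schema is still web-reachable, and optionally revokes them. It assumes a SQL*Plus session with DBA privileges and that the demo schema is still named PORTAL_DEMO as on this page.

```sql
-- Added example: audit (and optionally revoke) PUBLIC EXECUTE grants on the
-- PORTAL_DEMO schema. Dry run by default; set do_revoke to TRUE only after
-- reviewing the printed list. Requires SELECT on DBA_TAB_PRIVS and the right
-- to revoke the listed grants (a DBA session).
SET SERVEROUTPUT ON
DECLARE
  do_revoke CONSTANT BOOLEAN := FALSE;   -- flip to TRUE to apply the revokes
  v_sql     VARCHAR2(400);
  v_count   PLS_INTEGER := 0;
BEGIN
  -- DBA_TAB_PRIVS.TABLE_NAME also holds package/procedure names for EXECUTE grants
  FOR g IN (SELECT owner, table_name
              FROM dba_tab_privs
             WHERE grantee   = 'PUBLIC'
               AND privilege = 'EXECUTE'
               AND owner     = 'PORTAL_DEMO'
             ORDER BY table_name)
  LOOP
    v_count := v_count + 1;
    -- ENQUOTE_NAME(..., FALSE) quotes the identifier without changing its case,
    -- so names taken from the dictionary are passed through unaltered
    v_sql := 'REVOKE EXECUTE ON '
             || SYS.DBMS_ASSERT.ENQUOTE_NAME(g.owner, FALSE) || '.'
             || SYS.DBMS_ASSERT.ENQUOTE_NAME(g.table_name, FALSE)
             || ' FROM PUBLIC';
    IF do_revoke THEN
      EXECUTE IMMEDIATE v_sql;
      DBMS_OUTPUT.PUT_LINE('executed: ' || v_sql);
    ELSE
      DBMS_OUTPUT.PUT_LINE('would run: ' || v_sql);
    END IF;
  END LOOP;
  IF v_count = 0 THEN
    DBMS_OUTPUT.PUT_LINE('No PUBLIC EXECUTE grants remain in PORTAL_DEMO.');
  END IF;
END;
/
```

After the revokes, re-running the block in dry-run mode should report that no PUBLIC EXECUTE grants remain; a non-empty list means additional demo objects are still callable through mod_plsql without authentication.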
| Related URL | CVE-2003-1193 (CVE) |
| Related URL | 8966 (SecurityFocus) |
| Related URL | 13593 (ISS) |