|Category:||Web application abuses|
|Title:||Oracle XSQL Sample Application Vulnerability|
|Summary:||One of the sample applications that comes with; the Oracle XSQL Servlet allows an attacker to make arbitrary queries to; the Oracle database (under an unprivileged account).|
One of the sample applications that comes with
the Oracle XSQL Servlet allows an attacker to make arbitrary queries to
the Oracle database (under an unprivileged account).
Whilst not allowing an attacker to delete or modify database
contents, this flaw can be used to enumerate database users and view table names.
Sample applications should always be removed from
BugTraq ID: 6556|
Common Vulnerability Exposure (CVE) ID: CVE-2002-1630
CERT/CC vulnerability note: VU#717827
XForce ISS Database: oracle-appserver-sendmail-sample(8664)
Common Vulnerability Exposure (CVE) ID: CVE-2002-1631
Common Vulnerability Exposure (CVE) ID: CVE-2002-1632
XForce ISS Database: oracle-appserver-info-sample(8665)
|Copyright||This script is Copyright (C) 2001 Matt Moore|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.