Family: Databases --> Category: infos
Oracle 9iAS PORTAL_DEMO ORG_CHART Vulnerability Scan
Vulnerability Scan Summary
Tests for presence of Oracle9iAS PORTAL_DEMO.ORG_CHART
Detailed Explanation for this Vulnerability Test
In your installation of Oracle 9iAS, it is possible to access
a demo (PORTAL_DEMO.ORG_CHART) via mod_plsql. Access to these pages should
be restricted, because it may be possible to abuse this demo for
SQL Injection attacks.
Solution:
Remove the Execute for Public grant from the PL/SQL package in schema
PORTAL_DEMO (REVOKE execute ON portal_demo.org_chart FROM public).
Please also check Oracle Security Alert 61 for patch information.
Reference: http://otn.oracle.com/deploy/security/pdf/2003alert61_2.pdf
Threat Level: High