Family: Databases --> Category: infos
Oracle XSQL Sample Application Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Tests for Oracle XSQL Sample Application Vulnerability
Detailed Explanation for this Vulnerability Test
One of the sample applications that comes with
the Oracle XSQL Servlet allows a possible hacker to make arbitrary queries to
the Oracle database (under an unprivileged account).
Whilst not allowing a possible hacker to delete or modify database contents,
this flaw can be used to enumerate database users and view table names.
Solution: Sample applications should always be removed from
Reference : http://www.kb.cert.org/vuls/id/717827
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.