Oracle WebDB is part of the Oracle Internet Application Server package, distributed by Oracle Corporation. A problem exists that can allow users unauthorized access to restricted resources. The problem lies in the ability to query a running database using HTTP requests and PL/SQL. By sending a custom-crafted query to the HTTPD, a remote user can discover sensitive information within the database, such as DAD names and the type and version of the database software. In addition to discovering the DAD, a remote user can browse through and manipulate data within the running database, and possibly alter the web interface. These problems make it possible for a user with malicious intent to query a database for sensitive information and to further manipulate data within the database itself.