Intrusion Prevention

Oracle.Database.SYS.KUPW.WORKER.SQL.Injection

Description

This indicates a possible exploit of a remote SQL injection vulnerability in the SYS.KUPW$Worker package in Oracle database server. Attackers may be able to execute arbitary SQL commands via the first or second parameter in MAIN procedure.

Affected Products

Oracle 10.1.0.5

Impact

SQL injection.

Recommended Actions

Apply the patches for Oracle CPU July 2006.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2006.html

CVE References

CVE-2006-3698