
Oracle.PLSQL.Gateway.PLSQLExclusion.ACL.Bypass

Description

This signature indicates a possible attempt to exploit an access control bypass vulnerability in the Oracle PL/SQL Gateway, which may allow remote attackers to bypass the PLSQLExclusion list and access excluded packages and procedures.

Affected Products

Stonesoft StoneBeat High Availability 9.0.2 release 2
Stonesoft StoneBeat High Availability 9.0.2.0.1 Release 2
Oracle Oracle9i Application Server 9.2.0.7
Oracle Oracle9i Application Server 9.2.0.6
Oracle Oracle9i Application Server 9.0.3.1
Oracle Oracle9i Application Server 9.0.3
Oracle Oracle9i Application Server 9.0.2.3
Oracle Oracle9i Application Server 9.0.2.2
Oracle Oracle9i Application Server 9.0.2.1
Oracle Oracle9i Application Server 9.0.2.0.1
Oracle Oracle9i Application Server 9.0.2.0.0
Oracle Oracle9i Application Server 9.0.2
Oracle Oracle9i Application Server 1.0.2.2.2
Oracle Oracle9i Application Server 1.0.2.2
Oracle Oracle9i Application Server 1.0.2.1s
Oracle Oracle9i Application Server 1.0.2
Oracle Oracle9i Application Server
Oracle Oracle10g Application Server 10.1.2.1.0
Oracle Oracle10g Application Server 10.1.2.0.2
Oracle Oracle10g Application Server 10.1.2.0.1
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1.0.4
Oracle Oracle10g Application Server 10.1.0.3.1
Oracle Oracle10g Application Server 10.1.0.3
Oracle Oracle10g Application Server 10.1.0.2
Oracle Oracle10g Application Server 9.0.4.2
Oracle Oracle10g Application Server 9.0.4.1
Oracle Oracle10g Application Server 9.0.4.0
Oracle Oracle HTTP Server for Apps only 1.0.2.1s
Oracle Oracle HTTP Server 9.2.0
Oracle Oracle HTTP Server 9.1
Oracle Oracle HTTP Server 9.0.3.1
Oracle Oracle HTTP Server 9.0.2.3
Oracle Oracle HTTP Server 9.0.2
Oracle Oracle HTTP Server 9.0.1
Oracle Oracle HTTP Server 8.1.7
Oracle Oracle HTTP Server 1.0.2.2 Roll up 2
Oracle Oracle HTTP Server 1.0.2.2
Oracle Oracle HTTP Server 1.0.2.1
Oracle Oracle HTTP Server 1.0.2.0
Oracle Internet Application Server 1.0.2.1
Oracle Internet Application Server 1.0.2.0
Oracle Applications 11i 11.5.10 CU2
Oracle Applications 11i 11.5.10
Oracle Applications 11i 11.5.9
Oracle Applications 11i 11.5.1
Oracle Application Server 10g 10.1.2

Impact

System compromise.

Recommended Actions

Currently we are not aware of any officially supplied fix for this issue.
If you are aware of more information, please mail us: vulnwatch@fortinet.com.

CVE References

CVE-2006-0435