Name SQL Injection in package DBMS_AQADM_SYS [CVE-2009-0977]
Systems Affected Oracle 188.8.131.52 - 10.2.0.3
Severity Medium Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Franz H=FCll (fh at red-database-security.com)
Advisory 14 April 2009 (V 1.00)
The package DBMS_AQADM_SYS contains a SQL injection vulnerability in the procedure
Additional information is available in the following advisory.
Apply the patches for Oracle CPU April 2009.
Our Oracle database scanner Repscan was updated with the information from the Oracle
CPU April 2009 and can identify vulnerable databases.
More Information about Repscan can be found here:
14-apr-2009 Oracle published CPU April 2009 [CVE-2009-0977]
14-apr-2009 Advisory published
Red-Database-Security is the leading company for Oracle security. Within the last
6 years we reported several hundred vulnerabilities to Oracle.
(c) 2009 by Red-Database-Security GmbH