Oracle PL/SQL Gateway - Critical unpatched vulnerability
A critical vulnerability has been discovered that is currently unpatched. Oracle will most likely address this quickly and so far there are no reports of this being exploited in the wild.
Oracle Products PL/SQL Gateway Security Bypass Vulnerability
Critical: Highly critical
Impact: Security Bypass
Solution Status: Unpatched
Oracle Application Server 10g
Oracle Database 8.x
Oracle HTTP Server 8.x
Oracle HTTP Server 9.x
Oracle9i Application Server
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition
DESCRIPTION: A vulnerability has been identified in various Oracle products, which could be exploited by remote attackers to bypass security restrictions and gain unauthorized access to a vulnerable system. This flaw is due to an input validation error in the PL/SQL Gateway component that does not properly handle malformed HTTP requests, which could be exploited by remote unauthenticated attackers to bypass the "PLSQLExclusion" list and gain access to "excluded" packages and procedures that will allow the compromise of the back-end database server.
Oracle PL/SQL Gateway Exclusion List Security Bypass Vulnerability
Advisory ID : FrSIRT/ADV-2006-0338
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-01-25
Solution: The FrSIRT is not aware of any official supplied patch for this issue.
Workaround: Administrators can filter malicious characters and character sequences in a proxy or firewall with URL filtering capabilities.