Hillstone Networks

RULE（RULE ID：1705145）

Rule General Information


Release Date:		2014-12-11

Rule Name:		Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection (CVE-2005-1197)

Severity:

CVE ID:

Rule Protection Details


Description:		An SQL injection vulnerability exists in the Oracle Database Server's DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages. This issue is caused by insufficient sanitization of user-supplied data.

Impact:		SQL injection

Affected OS:		Solaris, Linux

Reference:		CVE-2005-1197

Solutions

Update vendor's patch.