PL/SQL
PL or SQL : Undocumented feature: network activity
Overview
The application uses a package with network functionality, which may be a sign of undocumented network activity.
Packages for working with network protocols include UTL_TCP, UTL_HTTP, UTL_SMTP, and others. If a function's arguments originate from an untrusted source, an adversary can initiate a connection to an arbitrary server and use it as part of an attack, e.g., to transfer data to their own server or to obtain information about the database structure.
Network functionality should be used with caution. Unprivileged users should not have the rights to use the aforementioned packages.
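As an added illustration (not DerScanner's rule and not code from the original page), the following sketch shows how a reviewer could locate references to the packages named above in PL/SQL source and separate calls with constant arguments from calls fed by variables, which are the ones whose data origin needs tracing. The function names, the package tuple, and the sample procedure are assumptions constructed for this example; the check is lexical only and does no data-flow analysis.

```python
import re
# Packages named on the page; extend the tuple for others in use at your site.
NETWORK_PACKAGES = ("UTL_TCP", "UTL_HTTP", "UTL_SMTP")
_SKIP = re.compile(r"--[^\n]*|/\*.*?\*/|'(?:[^']|'')*'", re.S)
_REF = re.compile(r"\b(%s)\s*\.\s*(\w+)" % "|".join(NETWORK_PACKAGES), re.I)
_OPEN = re.compile(r"\s*\(")

def _mask(m):
    """Blank comments and string contents; keep newlines and the quotes."""
    blank = re.sub(r"[^\n]", " ", m.group(0))
    return "'" + blank[1:-1] + "'" if m.group(0)[0] == "'" else blank

def _arguments(src, pos):
    """Text inside the parentheses opening at pos, or None if there are none."""
    m = _OPEN.match(src, pos)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(src)):
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        if depth == 0:
            return src[m.end():i]
    return src[m.end():]

def find_network_calls(source):
    """Return (line, 'PACKAGE.MEMBER', kind) for each network-package reference."""
    src = _SKIP.sub(_mask, source)
    findings = []
    for m in _REF.finditer(src):
        args = _arguments(src, m.end())
        kind = "reference"  # no argument list, e.g. a type such as a connection
        if args is not None:
            # 'dynamic': an identifier survives once labels and literals are stripped.
            rest = re.sub(r"\w+\s*=>|'[^']*'|\b\d+\b", "", args)
            kind = "dynamic" if re.search(r"[A-Za-z_]", rest) else "literal"
        name = (m.group(1) + "." + m.group(2)).upper()
        findings.append((src.count("\n", 0, m.start()) + 1, name, kind))
    return findings

SAMPLE = """\
CREATE OR REPLACE PROCEDURE notify(p_host IN VARCHAR2) IS  -- constructed input
  c UTL_TCP.connection;
BEGIN
  -- UTL_HTTP.request('http://ignored.example') is only a comment
  c := utl_tcp.open_connection(remote_host => p_host, remote_port => 25);
  dbms_output.put_line(UTL_HTTP.REQUEST('http://status.example/ping'));
  dbms_output.put_line('UTL_SMTP.open_connection(x) inside a string');
END;
"""
```

Calling `find_network_calls(SAMPLE)` reports the type reference on line 2, the `dynamic` call on line 5 whose host comes from the procedure parameter, and the `literal` call on line 6; mentions inside comments and string literals are ignored.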
DerScanner Severity Score: LOW
