Oracle 9iAS PL/SQL OWA_UTIL Unauthorized Stored Procedure Access Vulnerability

info
discussion
exploit
solution
references

Oracle 9iAS PL/SQL OWA_UTIL Unauthorized Stored Procedure Access Vulnerability

The OWA_UTIL PL/SQL application exposes a number of stored procedures, which may be accessible anonymously via the web.

These stored procedures may disclose a great deal of sensitive information to a web user who accesses them. The potential for execution of arbitrary SQL queries also exists.