Dangling Database Cursor ('Cursor Injection')
Weakness ID: 619 (Weakness Base) | Status: Incomplete
If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."
For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.
Time of Introduction
Modes of Introduction
This issue is currently reported for unhandled exceptions, but it is
theoretically possible any time the programmer does not close the cursor at
the proper time.
Technical Impact: Read application data; Modify application
Close cursors immediately after access to them is complete. Ensure
that you close cursors if exceptions occur.
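As an added illustration of this mitigation (not part of the original entry), the sketch below shows a PL/SQL procedure that leaves a cursor open when an exception is raised, next to a version that closes it on every path. It assumes Oracle's DBMS_SQL package; the procedure names and the orders table are hypothetical.

```plsql
-- Added example; set_status_weak, set_status_safe and the orders table
-- are hypothetical names used only for illustration.

-- Weak form: if EXECUTE raises (for example on a constraint violation),
-- control leaves the block before CLOSE_CURSOR runs and the parsed
-- cursor stays open in the session.
CREATE OR REPLACE PROCEDURE set_status_weak(p_id IN NUMBER, p_status IN VARCHAR2) AS
  c INTEGER;
  n INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'UPDATE orders SET status = :s WHERE id = :i', DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':s', p_status);
  DBMS_SQL.BIND_VARIABLE(c, ':i', p_id);
  n := DBMS_SQL.EXECUTE(c);
  DBMS_SQL.CLOSE_CURSOR(c);  -- never reached when EXECUTE raises
END;
/

-- Hardened form: the exception handler closes the cursor before
-- re-raising, so no handle outlives the call on the error path.
CREATE OR REPLACE PROCEDURE set_status_safe(p_id IN NUMBER, p_status IN VARCHAR2) AS
  c INTEGER;
  n INTEGER;
BEGIN
  c := DBMS_SQL.OPEN_CURSOR;
  DBMS_SQL.PARSE(c, 'UPDATE orders SET status = :s WHERE id = :i', DBMS_SQL.NATIVE);
  DBMS_SQL.BIND_VARIABLE(c, ':s', p_status);
  DBMS_SQL.BIND_VARIABLE(c, ':i', p_id);
  n := DBMS_SQL.EXECUTE(c);
  DBMS_SQL.CLOSE_CURSOR(c);
EXCEPTION
  WHEN OTHERS THEN
    -- c is NULL if OPEN_CURSOR itself failed; check before IS_OPEN.
    IF c IS NOT NULL AND DBMS_SQL.IS_OPEN(c) THEN
      DBMS_SQL.CLOSE_CURSOR(c);
    END IF;
    RAISE;  -- propagate the original error to the caller
END;
/
```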
A cursor is a feature in Oracle PL/SQL and other languages that provides a
handle for executing and accessing the results of SQL queries.
This could be primary when the programmer never attempts to close the
cursor when finished with it.
the weakness is typically related to the presence of some other
|Previous Entry Names|
|Change Date||Previous Entry
|2008-04-11||Dangling Database Cursor
|2009-05-27||Dangling Database Cursor (aka