ID CVE-2006-5351
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:42:00
Description
Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) issues in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but those XSS issues have been assigned separate identifiers.
{"id": "CVE-2006-5351", "bulletinFamily": "NVD", "title": "CVE-2006-5351", "description": "Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers.", "published": "2006-10-18T01:07:00", "modified": "2018-10-17T21:42:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5351", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/449711/100/0/threaded", "http://www.us-cert.gov/cas/techalerts/TA06-291A.html", "http://www.vupen.com/english/advisories/2006/4065", "http://securitytracker.com/id?1017077", "http://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html", "http://www.securityfocus.com/bid/20588", "http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html", "http://secunia.com/advisories/22396"], "cvelist": ["CVE-2006-5351"], "type": "cve", "lastseen": "2019-05-29T18:08:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "957e7631d6b709025d75481d0409a397"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ab78c4175ec0a0fb5744c957360e0522"}, {"key": "cpe23", "hash": "1613894eb4347e8c66c7788c473fbd3d"}, {"key": "cvelist", "hash": 
"b9fd2988cb8478c6c9aeca50f4edf987"}, {"key": "cvss", "hash": "62e86bb7716385cd46817416916a7bbd"}, {"key": "cvss2", "hash": "a6674711d5258b061e81bdf1502ce727"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "d370d473ba1bd1721d669ef98e2aeebb"}, {"key": "description", "hash": "fcc44994cd07fd36aeeda89df22333e5"}, {"key": "href", "hash": "6d5a971903aaa107b722955463edf3c3"}, {"key": "modified", "hash": "7c5b0816ab4ae0609164857583a5ebb3"}, {"key": "published", "hash": "053caa9a4919d820c83b8dd47121b2dc"}, {"key": "references", "hash": "6dac9b66c9cd5b34ace53af82e6c4bbb"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5483bd8d6ac9353a153a8e6c283fcb1c"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f0a3c76fd589bcc7fc6585e97869a5913af8498f61c8b7f680d028ab7c01182c", "viewCount": 0, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2019-05-29T18:08:34"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:31500", "OSVDB:31499", "OSVDB:31479", "OSVDB:31502", "OSVDB:31483", "OSVDB:31480", "OSVDB:31503", "OSVDB:31478", "OSVDB:31497", "OSVDB:31470"]}, {"type": "nessus", "idList": ["ORACLE_APEX_PRE221.NASL"]}], "modified": "2019-05-29T18:08:34"}, "vulnersScore": 6.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:oracle:apex:2.0", "cpe:/a:oracle:apex:1.5.0"], "affectedSoftware": [{"name": "oracle apex", "operator": "eq", "version": "2.0"}, {"name": "oracle apex", "operator": "eq", "version": "1.5.0"}], "cvss2": {"acInsufInfo": true, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, 
"severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oracle:apex:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:apex:2.0:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: APEX25\nKeyword: Formerly Called Oracle HTML DB\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31493", "id": "OSVDB:31493", "title": "Oracle Application Express Unspecified Unauthenticated Remote Partial DoS", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related 
OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: APEX24\nKeyword: Formerly Called Oracle HTML DB\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31492", "id": "OSVDB:31492", "title": "Oracle Application Express Unauthenticated Unspecified Issue (APEX24)", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: 
http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: Formerly Called Oracle HTML DB\nKeyword: APEX06\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31474", "id": "OSVDB:31474", "title": "Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX06)", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: Formerly Called Oracle HTML DB\nKeyword: APEX28\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": 
"2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31496", "id": "OSVDB:31496", "title": "Oracle Application Express Unauthenticated Unspecified Issue (APEX28)", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: Formerly Called Oracle HTML DB\nKeyword: APEX09\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31477", "id": "OSVDB:31477", "title": "Oracle Application Express Unauthenticated Simple Unspecified Issue (APEX09)", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## 
References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: APEX23\nKeyword: Formerly Called Oracle HTML DB\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31491", "id": "OSVDB:31491", "title": "Oracle Application Express Unauthenticated Unspecified Issue (APEX23)", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 
31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: APEX03\nKeyword: Formerly Called Oracle HTML DB\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31471", "id": "OSVDB:31471", "title": "Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX03)", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List 
Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: APEX14\nKeyword: Formerly Called Oracle HTML DB\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31482", "id": "OSVDB:31482", "title": "Oracle Application Express Unauthenticated Complex Unspecified Issue (APEX14)", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: APEX16\nKeyword: Formerly Called Oracle HTML DB\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31484", "id": "OSVDB:31484", "title": "Oracle Application Express Developer SQL Workshop Unspecified Issue (APEX16)", "type": 
"osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-04-28T13:20:27", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2006.html)\n[Secunia Advisory ID:22396](https://secuniaresearch.flexerasoftware.com/advisories/22396/)\n[Related OSVDB ID: 31383](https://vulners.com/osvdb/OSVDB:31383)\n[Related OSVDB ID: 31384](https://vulners.com/osvdb/OSVDB:31384)\n[Related OSVDB ID: 31393](https://vulners.com/osvdb/OSVDB:31393)\n[Related OSVDB ID: 31399](https://vulners.com/osvdb/OSVDB:31399)\n[Related OSVDB ID: 31414](https://vulners.com/osvdb/OSVDB:31414)\n[Related OSVDB ID: 31462](https://vulners.com/osvdb/OSVDB:31462)\n[Related OSVDB ID: 31407](https://vulners.com/osvdb/OSVDB:31407)\nOther Advisory URL: http://www.databasesecurity.com/oracle/OracleOct2006-CPU-Analysis.pdf\nNews Article: http://news.com.com/Oracle+plugs+101+security+flaws/2100-1002_3-6126864.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0360.html\nKeyword: Formerly Called Oracle HTML DB\nKeyword: APEX11\n[CVE-2006-5351](https://vulners.com/cve/CVE-2006-5351)\n", "modified": "2006-10-18T06:18:53", "published": "2006-10-18T06:18:53", "href": "https://vulners.com/osvdb/OSVDB:31479", "id": "OSVDB:31479", "title": "Oracle Application Express synonym Creation Unspecified Authenticated Issue", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-12-13T08:39:52", "bulletinFamily": "scanner", "description": "There are unspecified vulnerabilities in versions prior to version\n2.2.1 of the Oracle Application Express component of the Oracle\nDatabase. 
The updated version of Apex contains ", "modified": "2019-12-02T00:00:00", "id": "ORACLE_APEX_PRE221.NASL", "href": "https://www.tenable.com/plugins/nessus/64714", "published": "2013-02-20T00:00:00", "title": "Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)", "type": "nessus", "sourceData": "# ---------------------------------------------------------------------------------\n# (c) Recx Ltd 2009-2012\n# http://www.recx.co.uk/\n#\n# Detection script for multiple issues within Oracle Application Express\n#\n# < 2.2.1\n# 35 new security fixes for Oracle Application Express, 25 of which may be remotely exploitable without authentication.\n# The Oracle Application Express security vulnerabilities listed in the risk matrix above are fixed in version 2.2.1. All previous versions should be upgraded directly to version 2.2.1\n# https://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html\n#\n# Version 1.0\n# ---------------------------------------------------------------------------------\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(64714);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/11/15 20:50:25\");\n\n script_cve_id(\"CVE-2006-5351\", \"CVE-2006-5352\");\n script_bugtraq_id(20588);\n\n script_name(english:\"Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)\");\n script_summary(english:\"Checks whether the Apex version is less than 2.2.1\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote host is running a vulnerable version of Oracle Apex.\" );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"There are unspecified vulnerabilities in versions prior to version\n2.2.1 of the Oracle Application Express component of the Oracle\nDatabase. 
The updated version of Apex contains '35 new security fixes\nfor Oracle Application Express, 25 of which may be remotely\nexploitable without authentication'.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade Application Express to at least version 2.2.1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-486\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n script_set_attribute(attribute:\"see_also\", value:\"http://www.oracle.com/technetwork/developer-tools/apex/index.html\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\",value:\"cpe:/a:oracle:application_express\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Recx Ltd.\");\n\n script_dependencies(\"oracle_apex_detect_version.nasl\");\n script_require_keys(\"Oracle/Apex\");\n script_require_ports(\"Services/www\", 8080, 80, 443);\n\n 
exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nfunction raise_finding(port, report)\n{\n if(report_verbosity > 0)\n security_hole(port:port, extra:report);\n else security_hole(port);\n}\n\nport = get_http_port(default:8080);\n\nif (!get_port_state(port)) exit(0, \"Port \" + port + \" is not open.\");\n\nversion = get_kb_item(\"Oracle/Apex/\"+port+\"/Version\");\nif(!version) exit(0, \"The 'Oracle/Apex/\" + port + \"/Version' KB item is not set.\");\n\nlocation = get_kb_item(\"Oracle/Apex/\" + port + \"/Location\");\nif(!location) exit(0, \"The 'Oracle/Apex/\" + port + \"/Location' KB item is not set.\");\nurl = build_url(qs:location, port:port);\n\nif (version =~ \"^[0-1]\\.\" || version =~ \"^2\\.[0-1](\\.|$)\" ||\n version == \"2.2\")\n{\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n report = '\\n URL : ' + url +\n \t '\\n Installed version : ' + version +\n '\\n Fixed version : 2.2.1' + '\\n';\n raise_finding(port:port, report:report);\n exit(0);\n}\n\nexit(0, \"The Oracle Apex install at \" + url + \" is version \" + version + \" and is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}