Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2020 Recx Ltd.ORACLE_APEX_CVE-2008-4005.NASL
HistoryFeb 20, 2013 - 12:00 a.m.

Oracle Application Express (Apex) CVE-2008-4005

2013-02-2000:00:00
This script is Copyright (C) 2013-2020 Recx Ltd.
www.tenable.com
11
JSON

An unspecified vulnerability in the Oracle Application Express component of Oracle Database version 11.1.0.6 allows remote, authenticated users to affect confidentiality, integrity, and availability via unpublished vectors.

# ---------------------------------------------------------------------------------
# (c) Recx Ltd 2009-2012
# http://www.recx.co.uk/
#
# Detection script for multiple issues within Oracle Application Express
#
# <3.1.2
# There is one Oracle Application Express security vulnerability listed in the risk matrix above. Security vulnerabilities in Oracle Application Express are fixed in version 3.1.2 and later
# https://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html
# Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
# CVE-2008-4005
#
# Version 1.0
# ---------------------------------------------------------------------------------

include("compat.inc");

if (description)
{
  script_id(64707);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2008-4005");
  script_bugtraq_id(31683);

  script_name(english:"Oracle Application Express (Apex) CVE-2008-4005");
  script_summary(english:"Checks Apex version against CVE-2008-4005");

  script_set_attribute(attribute:"synopsis", value:"The remote host is running a vulnerable version of Oracle Apex.");
  script_set_attribute(
    attribute:"description",
    value:
"An unspecified vulnerability in the Oracle Application Express
component of Oracle Database version 11.1.0.6 allows remote,
authenticated users to affect confidentiality, integrity, and
availability via unpublished vectors."
  );
  script_set_attribute(attribute:"solution", value:"Upgrade Application Express to the at least version 3.1.2.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:M/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/developer-tools/apex/index.html");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20");
  script_set_attribute(attribute:"vuln_publication_date", value:"2008/10/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2008/10/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:application_express");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2020 Recx Ltd.");

  script_dependencies("oracle_apex_detect_version.nasl");
  script_require_keys("Oracle/Apex");
  script_require_ports("Services/www", 8080, 80, 443);

  exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

function raise_finding(port, report)
{
  if(report_verbosity > 0)
    security_warning(port:port, extra:report);
  else security_warning(port);
}

port = get_http_port(default:8080, embedded:TRUE);

if (!get_port_state(port)) exit(0, "Port " + port + " is not open.");

version = get_kb_item("Oracle/Apex/"+port+"/Version");
if(!version) exit(0, "The 'Oracle/Apex/" + port + "/Version' KB item is not set.");

location = get_kb_item("Oracle/Apex/" + port + "/Location");
if(!location) exit(0, "The 'Oracle/Apex/" + port + "/Location' KB item is not set.");
url = build_url(qs:location, port:port);

if (version == "2.2" || version == "3.0" || version == "3.0.1" || version == "3.1" || version == "3.1.1")
{
  report = '\n  URL               : ' + url +
           '\n  Installed version : ' + version +
           '\n  Fixed version     : 3.1.2' + '\n';
  raise_finding(port:port, report:report);
  exit(0);
}

exit(0, "The Oracle Apex install at " + url + " is version " + version + " and is not affected.");
VendorProductVersionCPE
oracleapplication_expresscpe:/a:oracle:application_express

Related

prion 1
cve 1
nessus 1
seebug 1
oracle 1
prion
prion
Design/Logic Flaw
2008-10-14 21:11:00
cve
cve
CVE-2008-4005
2008-10-14 21:11:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (October 2008 CPU)
2011-11-16 00:00:00
seebug
seebug
Oracle 2008年10月紧急补丁更新修复多个漏洞
2008-10-20 00:00:00
oracle
oracle
CPUOct2008 Advisory
2008-10-14 00:00:00
JSON
Related for ORACLE_APEX_CVE-2008-4005.NASL
prion1cve1nessus1seebug1oracle1