Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2020 Recx Ltd.ORACLE_APEX_CVE-2009-0981.NASL
HistoryFeb 20, 2013 - 12:00 a.m.

Oracle Application Express (Apex) CVE-2009-0981

2013-02-2000:00:00
This script is Copyright (C) 2013-2020 Recx Ltd.
www.tenable.com
33
JSON

Unprivileged database users can see Oracle Apex password hashes in FLOWS_030000.WWV_FLOW_USER.

# ---------------------------------------------------------------------------------
# (c) Recx Ltd 2009-2012
# http://www.recx.co.uk/
#
# Detection script for multiple issues within Oracle Application Express
#
# 3.0
# https://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
# http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=786800.1
# http://www.red-database-security.com/advisory/apex_password_hashes.html
# Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX
# CVE-2009-0981
#
# Version 1.0
# ---------------------------------------------------------------------------------

include("compat.inc");

if (description)
{
  script_id(64708);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2009-0981");
  script_bugtraq_id(34461);

  script_name(english:"Oracle Application Express (Apex) CVE-2009-0981");
  script_summary(english:"Checks Apex version against CVE-2009-0981");

  script_set_attribute(attribute:"synopsis", value:"The remote host is running a vulnerable version of Oracle Apex.");
  script_set_attribute(attribute:"description", value:
"Unprivileged database users can see Oracle Apex password hashes in FLOWS_030000.WWV_FLOW_USER.");
  script_set_attribute(attribute:"solution", value:"Upgrade Application Express to at least version 4.0.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/developer-tools/apex/index.html");
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html");
  # http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=786800.1
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7fa76004");
  script_set_attribute(attribute:"see_also", value:"http://www.red-database-security.com/advisory/apex_password_hashes.html");
  script_set_attribute(attribute:"vuln_publication_date", value:"2009/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/04/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:application_express");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2020 Recx Ltd.");

  script_dependencies("oracle_apex_detect_version.nasl");
  script_require_keys("Oracle/Apex");
  script_require_ports("Services/www", 8080, 80, 443);

  exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

function raise_finding(port, report)
{
  if(report_verbosity > 0)
    security_warning(port:port, extra:report);
  else security_warning(port);
}

port = get_http_port(default:8080, embedded:TRUE);

if (!get_port_state(port)) exit(0, "Port " + port + " is not open.");

version = get_kb_item("Oracle/Apex/"+port+"/Version");
if(!version) exit(0, "The 'Oracle/Apex/" + port + "/Version' KB item is not set.");

location = get_kb_item("Oracle/Apex/" + port + "/Location");
if(!location) exit(0, "The 'Oracle/Apex/" + port + "/Location' KB item is not set.");
url = build_url(qs:location, port:port);

if (version == "3.2.1")
{
  report = '\n  URL               : ' + url +
	   '\n  Installed version : ' + version +
	   '\n  Fixed version     : 4.0' + '\n';
  raise_finding(port:port, report:report);
  exit(0);
}

exit(0, "The Oracle Apex install at " + url + " is version " + version + " and is not affected.");
VendorProductVersionCPE
oracleapplication_expresscpe:/a:oracle:application_express

Related

securityvulns 2
checkpoint_advisories 1
packetstorm 1
exploitpack 1
seebug 2
prion 1
cve 1
exploitdb 1
nessus 1
oracle 1
securityvulns
securityvulns
Unprivileged DB users can see APEX password hashes
2009-04-16 00:00:00
Oracle multiple security vulnerabilities
2009-05-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Database Application Express Component APEX Password Hash Disclosure (CVE-2009-0981)
2010-08-09 00:00:00
packetstorm
packetstorm
APEX Password Hash Disclosure
2009-04-16 00:00:00
exploitpack
exploitpack
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes
2009-04-16 00:00:00
seebug
seebug
Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes
2009-04-17 00:00:00
Oracle 2009ๅนด4ๆœˆ็ดงๆ€ฅ่กฅไธๆ›ดๆ–ฐไฟฎๅคๅคšไธชๆผๆดž
2009-04-16 00:00:00
prion
prion
Design/Logic Flaw
2009-04-15 10:30:00
cve
cve
CVE-2009-0981
2009-04-15 10:30:00
exploitdb
exploitdb
Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes
2009-04-16 00:00:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (April 2009 CPU)
2011-11-16 00:00:00
oracle
oracle
cpuapr2009.html
2009-04-14 00:00:00
JSON
Related for ORACLE_APEX_CVE-2009-0981.NASL
securityvulns2checkpoint_advisories1packetstorm1exploitpack1seebug2prion1cve1exploitdb1nessus1oracle1