6.5 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
76.2%
An unspecified vulnerability in versions 3.2 and 4.0 of the Application Express (Apex) component of the Oracle Database Server allows remote, authenticated users to affect confidentiality, integrity, and availability, relating to the Apex developer user.
# ---------------------------------------------------------------------------------
# (c) Recx Ltd 2009-2012
# http://www.recx.co.uk/
#
# Detection script for CVE-2011-3525
# Ref: https://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
# Oracle Application Express v3.2 < x < v4.1
#
# Unspecified vulnerability in the Application Express component in Oracle
# Database Server 3.2 and 4.0 that allows remote authenticated users to affect
# confidentiality, integrity, and availability, related to Apex developer user.
#
# Version 1.0
# ---------------------------------------------------------------------------------
include("compat.inc");
if (description)
{
script_id(64712);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
script_cve_id("CVE-2011-3525");
script_bugtraq_id(50197);
script_name(english:"Oracle Application Express (Apex) CVE-2011-3525");
script_summary(english:"Checks whether vulnerable to CVE-2011-3525");
script_set_attribute(attribute:"synopsis", value:
"The remote host is running a vulnerable version of Oracle Apex.");
script_set_attribute(attribute:"description", value:
"An unspecified vulnerability in versions 3.2 and 4.0 of the
Application Express (Apex) component of the Oracle Database Server
allows remote, authenticated users to affect confidentiality,
integrity, and availability, relating to the Apex developer user.");
script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/developer-tools/apex/index.html");
script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html");
script_set_attribute(attribute:"see_also", value:"https://www.recx.co.uk/downloads/Recx-Apex-CVE-2011-3525.pdf");
script_set_attribute(attribute:"solution", value:
"Upgrade Application Express to at least version 4.1.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2011/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2011/10/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:application_express");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2013-2020 Recx Ltd.");
script_dependencies("oracle_apex_detect_version.nasl");
script_require_keys("Oracle/Apex");
script_require_ports("Services/www", 8080, 80, 443);
exit(0);
}
include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");
function raise_finding(port, report)
{
if(report_verbosity > 0)
security_warning(port:port, extra:report);
else security_warning(port);
}
port = get_http_port(default:8080, embedded:TRUE);
if (!get_port_state(port)) exit(0, "Port " + port + " is not open.");
version = get_kb_item("Oracle/Apex/"+port+"/Version");
if(!version) exit(0, "The 'Oracle/Apex/" + port + "/Version' KB item is not set.");
location = get_kb_item("Oracle/Apex/" + port + "/Location");
if(!location) exit(0, "The 'Oracle/Apex/" + port + "/Location' KB item is not set.");
url = build_url(qs:location, port:port);
if (version == "3.2" || version == "3.2.1" || version == "4.0" || version == "4.0.1" || version == "4.0.2")
{
report = '\n URL : ' + url +
'\n Installed version : ' + version +
'\n Fixed version : 4.1' + '\n';
raise_finding(port:port, report:report);
exit(0);
}
exit(0, "The Oracle Apex install at " + url + " is version " + version + " and is not affected.");
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | application_express | cpe:/a:oracle:application_express |