Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2013-2020 Recx Ltd.ORACLE_APEX_PRE221.NASL
HistoryFeb 20, 2013 - 12:00 a.m.

Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)

2013-02-2000:00:00
This script is Copyright (C) 2013-2020 Recx Ltd.
www.tenable.com
20
JSON

There are unspecified vulnerabilities in versions prior to version 2.2.1 of the Oracle Application Express component of the Oracle Database. The updated version of Apex contains ‘35 new security fixes for Oracle Application Express, 25 of which may be remotely exploitable without authentication’.

# ---------------------------------------------------------------------------------
# (c) Recx Ltd 2009-2012
# http://www.recx.co.uk/
#
# Detection script for multiple issues within Oracle Application Express
#
# < 2.2.1
# 35 new security fixes for Oracle Application Express, 25 of which may be remotely exploitable without authentication.
# The Oracle Application Express security vulnerabilities listed in the risk matrix above are fixed in version 2.2.1. All previous versions should be upgraded directly to version 2.2.1
# https://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
#
# Version 1.0
# ---------------------------------------------------------------------------------

include("compat.inc");

if (description)
{
  script_id(64714);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2006-5351", "CVE-2006-5352");
  script_bugtraq_id(20588);

  script_name(english:"Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)");
  script_summary(english:"Checks whether the Apex version is less than 2.2.1");

  script_set_attribute(attribute:"synopsis", value:"The remote host is running a vulnerable version of Oracle Apex." );
  script_set_attribute(
    attribute:"description",
    value:
"There are unspecified vulnerabilities in versions prior to version
2.2.1 of the Oracle Application Express component of the Oracle
Database. The updated version of Apex contains '35 new security fixes
for Oracle Application Express, 25 of which may be remotely
exploitable without authentication'."
  );
  script_set_attribute(attribute:"solution", value:"Upgrade Application Express to at least version 2.2.1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-11-486");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/developer-tools/apex/index.html" );
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:application_express");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2020 Recx Ltd.");

  script_dependencies("oracle_apex_detect_version.nasl");
  script_require_keys("Oracle/Apex");
  script_require_ports("Services/www", 8080, 80, 443);

  exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

function raise_finding(port, report)
{
  if(report_verbosity > 0)
    security_hole(port:port, extra:report);
  else security_hole(port);
}

port = get_http_port(default:8080, embedded:TRUE);

if (!get_port_state(port)) exit(0, "Port " + port + " is not open.");

version = get_kb_item("Oracle/Apex/"+port+"/Version");
if(!version) exit(0, "The 'Oracle/Apex/" + port + "/Version' KB item is not set.");

location = get_kb_item("Oracle/Apex/" + port + "/Location");
if(!location) exit(0, "The 'Oracle/Apex/" + port + "/Location' KB item is not set.");
url = build_url(qs:location, port:port);

if (version =~ "^[0-1]\." || version =~ "^2\.[0-1](\.|$)" ||
    version == "2.2")
{
  set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  report = '\n  URL               : ' + url +
   	   '\n  Installed version : ' + version +
           '\n  Fixed version     : 2.2.1' + '\n';
  raise_finding(port:port, report:report);
  exit(0);
}

exit(0, "The Oracle Apex install at " + url + " is version " + version + " and is not affected.");
VendorProductVersionCPE
oracleapplication_expresscpe:/a:oracle:application_express

Related

cve 5
cve
cve
CVE-2006-5352
2006-10-18 01:07:00
CVE-2006-5351
2006-10-18 01:07:00
CVE-2006-7138
2007-03-07 20:19:00
JSON
Related for ORACLE_APEX_PRE221.NASL
cve5