Lucene search

PRIOn knowledge basePRION:CVE-2009-0981

HistoryApr 15, 2009 - 10:30 a.m.

Design/Logic Flaw

2009-04-1510:30:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.15 Low

EPSS

Percentile

95.7%

JSON

Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.

CPENameOperatorVersion
database_11geq11.1.0.7

CPE	Name	Operator	Version
	database_11g	eq	11.1.0.7

References

osvdb.org/53738

secunia.com/advisories/34693

www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html

www.red-database-security.com/advisory/apex_password_hashes.html

www.securityfocus.com/archive/1/502724/100/0/threaded

www.securityfocus.com/bid/34461

www.securitytracker.com/id?1022052

www.us-cert.gov/cas/techalerts/TA09-105A.html

www.exploit-db.com/exploits/8456

5.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.15 Low

EPSS

Percentile

95.7%

JSON

Related for PRION:CVE-2009-0981