Detections
Analytics
Oracle Application Express (Apex) CVE-2009-0981
medium Nessus Plugin ID 64708
Language:
Synopsis
The remote host is running a vulnerable version of Oracle Apex.Description
Unprivileged database users can see Oracle Apex password hashes in FLOWS_030000.WWV_FLOW_USER.Solution
Upgrade Application Express to at least version 4.0.See Also
http://www.oracle.com/technetwork/developer-tools/apex/index.html
https://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
http://www.nessus.org/u?7fa76004
http://www.red-database-security.com/advisory/apex_password_hashes.html
Plugin Details
Severity: Medium
ID: 64708
File Name: oracle_apex_CVE-2009-0981.nasl
Version: 1.6
Type: remote
Family: Web Servers
Published: 2/20/2013
Updated: 6/12/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.0
CVSS v2
Risk Factor: Medium
Base Score: 4
Temporal Score: 3.1
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:oracle:application_express
Required KB Items: Oracle/Apex
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/15/2009
Vulnerability Publication Date: 4/15/2009
Reference Information
CVE: CVE-2009-0981
BID: 34461