Lucene search

[email protected]NVD:CVE-2009-0981

HistoryApr 15, 2009 - 10:30 a.m.

CVE-2009-0981

2009-04-1510:30:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.4

Confidence

Low

EPSS

0.16

Percentile

96.1%

JSON

Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.

Affected configurations

Nvd

Node

oracledatabase_11gMatch11.1.0.7

VendorProductVersionCPE
oracledatabase_11g11.1.0.7cpe:2.3:a:oracle:database_11g:11.1.0.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	database_11g	11.1.0.7	cpe:2.3:a:oracle:database_11g:11.1.0.7:::::::*

References

osvdb.org/53738

secunia.com/advisories/34693

www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html

www.red-database-security.com/advisory/apex_password_hashes.html

www.securityfocus.com/archive/1/502724/100/0/threaded

www.securityfocus.com/bid/34461

www.securitytracker.com/id?1022052

www.us-cert.gov/cas/techalerts/TA09-105A.html

www.exploit-db.com/exploits/8456

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

5.4

Confidence

Low

EPSS

0.16

Percentile

96.1%

JSON

Related for NVD:CVE-2009-0981

exploitpack1 zdt1 securityvulns2 packetstorm1 checkpoint_advisories1 cvelist1 nessus2 seebug2 prion1 exploitdb1 cve1 oracle1