ID CVE-2007-3860
Summary Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '"' characters.
References
Vulnerable Configurations
  • Oracle Application Express 2.2.0.00.32
    cpe:2.3:a:oracle:apex:2.2.0.00.32
  • Oracle Application Express 3.0.0.00.20
    cpe:2.3:a:oracle:apex:3.0.0.00.20
CVSS
Base: 7.5 (as of 20-07-2007 - 08:21)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
NASL family Web Servers
NASL id ORACLE_APEX_PRE301.NASL
description There are unspecified vulnerabilities in versions prior to version 3.0.1 of the Oracle Application Express component of the Oracle Database.
last seen 2019-02-21
modified 2018-11-15
plugin id 64715
published 2013-02-20
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=64715
title Oracle Application Express (Apex) Unspecified Issues (pre 3.0.1)
refmap via4
bugtraq 20070718 Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD
cert TA07-200A
confirm http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html
hp
  • HPSBMA02133
  • SSRT061201
misc
sectrack 1018415
secunia
  • 26114
  • 26166
sreason 2901
vupen
  • ADV-2007-2562
  • ADV-2007-2635
xf
  • oracle-apex-sql-injection(35499)
  • oracle-cpu-july2007(35490)
Last major update 22-10-2012 - 22:31
Published 18-07-2007 - 15:30
Last modified 15-10-2018 - 17:31
Back to Top