ID CVE-2009-1993
Summary Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html "Overview of Oracle Application Express Oracle Application Express is a rapid web application development tool for the Oracle Database. In Oracle Database releases up to and including 10g Release 2, Oracle Application Express was separately installed from a Companion CD supplied with the Oracle Database CD set or from a package downloaded from an Oracle web site. If you have not installed Oracle Application Express from the companion CD or from a packaged download from an Oracle web site, no further action is required. From Oracle Database 11g onwards, Oracle Application Express is included in the default installation of the Oracle Database. If you have Oracle Application Express installed in an Oracle Database home, then refer to Critical Patch Update October 2009 Patch Availability Document for Oracle Products, My Oracle Support Note 881382.1 for the version to be installed. "
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:database_server:3.0.1:*:*:*:*:*:*:*
CVSS
Base: 5.5 (as of 23-10-2012 - 03:07)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:N
refmap via4
bid 36759
cert TA09-294A
confirm http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html
sectrack 1023057
secunia 37027
Last major update 23-10-2012 - 03:07
Published 22-10-2009 - 18:30
Back to Top