Vulnerabilities > CVE-2006-5352 - Multiple vulnerability in Oracle October 2006 Security Update

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
oracle
critical
nessus
NVD
Published: 2006-10-18
Updated: 2018-10-17

Summary

Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

NASL familyWeb Servers
NASL idORACLE_APEX_PRE221.NASL
descriptionThere are unspecified vulnerabilities in versions prior to version 2.2.1 of the Oracle Application Express component of the Oracle Database. The updated version of Apex contains
last seen2020-06-01
modified2020-06-02
plugin id64714
published2013-02-20
reporterThis script is Copyright (C) 2013-2018 Recx Ltd.
sourcehttps://www.tenable.com/plugins/nessus/64714
titleOracle Application Express (Apex) Unspecified Issues (pre 2.2.1)
code
# ---------------------------------------------------------------------------------
# (c) Recx Ltd 2009-2012
# http://www.recx.co.uk/
#
# Detection script for multiple issues within Oracle Application Express
#
# < 2.2.1
# 35 new security fixes for Oracle Application Express, 25 of which may be remotely exploitable without authentication.
# The Oracle Application Express security vulnerabilities listed in the risk matrix above are fixed in version 2.2.1. All previous versions should be upgraded directly to version 2.2.1
# https://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html
#
# Version 1.0
# ---------------------------------------------------------------------------------

include("compat.inc");

if (description)
{
  script_id(64714);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");

  script_cve_id("CVE-2006-5351", "CVE-2006-5352");
  script_bugtraq_id(20588);

  script_name(english:"Oracle Application Express (Apex) Unspecified Issues (pre 2.2.1)");
  script_summary(english:"Checks whether the Apex version is less than 2.2.1");

  script_set_attribute(attribute:"synopsis", value:"The remote host is running a vulnerable version of Oracle Apex." );
  script_set_attribute(
    attribute:"description",
    value:
"There are unspecified vulnerabilities in versions prior to version
2.2.1 of the Oracle Application Express component of the Oracle
Database. The updated version of Apex contains '35 new security fixes
for Oracle Application Express, 25 of which may be remotely
exploitable without authentication'."
  );
  script_set_attribute(attribute:"solution", value:"Upgrade Application Express to at least version 2.2.1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"exploithub_sku", value:"EH-11-486");
  script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
  script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/developer-tools/apex/index.html" );
  script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpuoct2006-095368.html");

  script_set_attribute(attribute:"vuln_publication_date", value:"2006/10/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:application_express");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Web Servers");

  script_copyright(english:"This script is Copyright (C) 2013-2020 Recx Ltd.");

  script_dependencies("oracle_apex_detect_version.nasl");
  script_require_keys("Oracle/Apex");
  script_require_ports("Services/www", 8080, 80, 443);

  exit(0);
}

include("global_settings.inc");
include("http_func.inc");
include("http_keepalive.inc");

function raise_finding(port, report)
{
  if(report_verbosity > 0)
    security_hole(port:port, extra:report);
  else security_hole(port);
}

port = get_http_port(default:8080, embedded:TRUE);

if (!get_port_state(port)) exit(0, "Port " + port + " is not open.");

version = get_kb_item("Oracle/Apex/"+port+"/Version");
if(!version) exit(0, "The 'Oracle/Apex/" + port + "/Version' KB item is not set.");

location = get_kb_item("Oracle/Apex/" + port + "/Location");
if(!location) exit(0, "The 'Oracle/Apex/" + port + "/Location' KB item is not set.");
url = build_url(qs:location, port:port);

if (version =~ "^[0-1]\." || version =~ "^2\.[0-1](\.|$)" ||
    version == "2.2")
{
  set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  report = '\n  URL               : ' + url +
   	   '\n  Installed version : ' + version +
           '\n  Fixed version     : 2.2.1' + '\n';
  raise_finding(port:port, report:report);
  exit(0);
}

exit(0, "The Oracle Apex install at " + url + " is version " + version + " and is not affected.");

Saint

bid20588
descriptionOracle Spatial component SDO_CS.TRANSFORM_LAYER buffer overflow
iddatabase_oracle_version
osvdb31462
titleoracle_spatial_transform_layer
typeremote

References