Vulnerabilities > CVE-2009-0981 - Multiple vulnerability in Oracle Database 11G 11.1.0.7

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
oracle
nessus
exploit available
NVD
Published: 2009-04-15
Updated: 2018-10-10

Summary

Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Exploit-Db

descriptionOracle APEX 3.2 Unprivileged DB users can see APEX password hashes. CVE-2009-0981. Local exploits for multiple platform
fileexploits/multiple/local/8456.txt
idEDB-ID:8456
last seen2016-02-01
modified2009-04-16
platformmultiple
port
published2009-04-16
reporterAlexander Kornbrust
sourcehttps://www.exploit-db.com/download/8456/
titleOracle APEX 3.2 - Unprivileged DB users can see APEX password hashes
typelocal

Nessus

  • NASL familyDatabases
    NASL idORACLE_RDBMS_CPU_APR_2009.NASL
    descriptionThe remote Oracle database server is missing the April 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Application Express - Cluster Ready Services - Core RDBMS - Database Vault - Listener - Password Policy - Resource Manager - SQLX Functions - Workspace Manager
    last seen2020-06-02
    modified2011-11-16
    plugin id56064
    published2011-11-16
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56064
    titleOracle Database Multiple Vulnerabilities (April 2009 CPU)
  • NASL familyWeb Servers
    NASL idORACLE_APEX_CVE-2009-0981.NASL
    descriptionUnprivileged database users can see Oracle Apex password hashes in FLOWS_030000.WWV_FLOW_USER.
    last seen2020-06-01
    modified2020-06-02
    plugin id64708
    published2013-02-20
    reporterThis script is Copyright (C) 2013-2018 Recx Ltd.
    sourcehttps://www.tenable.com/plugins/nessus/64708
    titleOracle Application Express (Apex) CVE-2009-0981

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/76731/apex-disclose.txt
idPACKETSTORM:76731
last seen2016-12-05
published2009-04-16
reporterAlexander Kornbrust
sourcehttps://packetstormsecurity.com/files/76731/APEX-Password-Hash-Disclosure.html
titleAPEX Password Hash Disclosure

Seebug

  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 34461 CVE(CAN) ID: CVE-2009-0974,CVE-2009-0983,CVE-2009-0989,CVE-2009-0990,CVE-2009-0993,CVE-2009-0994,CVE-2009-0996,CVE-2009-1008,CVE-2009-1009,CVE-2009-1010,CVE-2009-1011,CVE-2009-1017,CVE-2009-0995,CVE-2009-0999,CVE-2009-1000,CVE-2009-1001,CVE-2009-1002,CVE-2009-1003,CVE-2009-1004,CVE-2009-1005,CVE-2009-1006,CVE-2009-1012,CVE-2009-1016,CVE-2009-0972,CVE-2009-0973,CVE-2009-0975,CVE-2009-0976,CVE-2009-0977,CVE-2009-0978,CVE-2009-0979,CVE-2009-0980,CVE-2009-0981,CVE-2009-0984,CVE-2009-0985,CVE-2009-0986,CVE-2009-0988,CVE-2009-0991,CVE-2009-0992,CVE-2009-0997,CVE-2009-0982,CVE-2009-0998,CVE-2009-1013,CVE-2009-1014,CVE-2009-0189,CVE-2009-0190 Oracle Database是一款商业性质大型数据库系统。 Oracle发布了2009年4月的紧急补丁更新公告,修复了多个Oracle产品中的多个漏洞。这些漏洞影响Oracle产品的所有安全属性,可导致本地和远程的威胁。其中一些漏洞可能需要各种级别的授权,但也有些不需要任何授权。最严重的漏洞可能导致完全入侵数据库系统。 1) Oracle进程管理器和通知(opmn)守护程序中存在格式串错误,远程攻击者可以通过向6000/TCP端口提交特制的POST请求导致执行任意代码。 2) 由于没有正确地过滤对DBMS_AQIN软件包所传送的输入,远程攻击者可以通过提交恶意的查询请求执行SQL注入攻击。 3) Oracle数据库所捆绑的Application Express组件中的错误可能允许非特权用户泄露LOWS_030000.WWV_FLOW_USER中的APEX口令哈希。 4) 远程攻击者可以通过向WebLogic Server插件提交恶意的HTTP请求触发堆溢出。 5) WebLogic Server插件在解析SSL证书时存在栈溢出漏洞。 Oracle Application Server 10.1.2.3.0 Oracle E-Business Suite 12.0.6 Oracle E-Business Suite 11.5.10.2 Oracle Database 9.2.0.8DV Oracle Database 9.2.0.8 Oracle Database 11.1.0.7 Oracle Database 11.1.0.6 Oracle Database 10.2.0.4 Oracle Database 10.2.0.3 Oracle Database 10.1.0.5 Oracle PeopleSoft Enterprise PeopleTools 8.49 Oracle WebLogic Server 9.2 Oracle WebLogic Server 9.1 GA Oracle WebLogic Server 9.0 GA Oracle WebLogic Server 8.1 Oracle WebLogic Server 7.0 Oracle WebLogic Server 10.3 Oracle PeopleSoft Enterprise HRMS 9.0 Oracle PeopleSoft Enterprise HRMS 8.9 Oracle Outside In SDK HTML Export 8.3.0 Oracle Outside In SDK HTML Export 8.2.2 Oracle XML Publisher 5.6.2 Oracle XML Publisher 10.1.3.2.1 Oracle XML Publisher 10.1.3.2 Oracle BI Publisher 10.1.3.4 Oracle BI Publisher 10.1.3.3.3 Oracle BI Publisher 10.1.3.3.2 Oracle BI Publisher 10.1.3.3.1 Oracle BI Publisher 10.1.3.3.0 Oracle WebLogic Portal 8.1 Oracle Data Service Integrator 10.3.0 Oracle AquaLogic Data Services Platform 3.2 Oracle AquaLogic Data Services Platform 3.0.1 Oracle AquaLogic Data Services Platform 3.0 Oracle JRockit R27.6.2 Oracle ------ Oracle已经为此发布了一个安全公告(cpuapr2009)以及相应补丁: cpuapr2009:Oracle Critical Patch Update Advisory - April 2009 链接:<a href=http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html?_template=/o target=_blank rel=external nofollow>http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html?_template=/o</a>
    idSSV:5060
    last seen2017-11-19
    modified2009-04-16
    published2009-04-16
    reporterRoot
    titleOracle 2009年4月紧急补丁更新修复多个漏洞
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:11029
    last seen2017-11-19
    modified2009-04-17
    published2009-04-17
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-11029
    titleOracle APEX 3.2 Unprivileged DB users can see APEX password hashes

References