Vulnerabilities > CVE-2009-1993 - Application Express Unspecified vulnerability in Oracle Database Server 3.0.1
Summary
Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html "Overview of Oracle Application Express Oracle Application Express is a rapid web application development tool for the Oracle Database. In Oracle Database releases up to and including 10g Release 2, Oracle Application Express was separately installed from a Companion CD supplied with the Oracle Database CD set or from a package downloaded from an Oracle web site. If you have not installed Oracle Application Express from the companion CD or from a packaged download from an Oracle web site, no further action is required. From Oracle Database 11g onwards, Oracle Application Express is included in the default installation of the Oracle Database. If you have Oracle Application Express installed in an Oracle Database home, then refer to Critical Patch Update October 2009 Patch Availability Document for Oracle Products, My Oracle Support Note 881382.1 for the version to be installed. "
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Web Servers NASL id ORACLE_APEX_CVE-2009-1993.NASL description There is an unspecified vulnerability in Oracle Application Express. last seen 2020-06-01 modified 2020-06-02 plugin id 64709 published 2013-02-20 reporter This script is Copyright (C) 2013-2018 Recx Ltd. source https://www.tenable.com/plugins/nessus/64709 title Oracle Application Express (Apex) CVE-2009-1993 NASL family Databases NASL id ORACLE_RDBMS_CPU_OCT_2009.NASL description The remote Oracle database server is missing the October 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Advanced Queuing - Application Express - Auditing - Authentication - Core RDBMS - Data Mining - Data Pump - Network Authentication - Net Foundation Layer - Oracle Spatial - Oracle Text - PL/SQL - Workspace Manager last seen 2020-06-02 modified 2011-11-16 plugin id 56066 published 2011-11-16 reporter This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/56066 title Oracle Database Multiple Vulnerabilities (October 2009 CPU)