Vulnerabilities > CVE-2010-0892 - Remote vulnerability in Oracle Database Server 3.2.0.00.27
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors. Per: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html 'For patching information please see Critical Patch Update July 2010 Patch Availability Document for Oracle Products, My Oracle Support Note 1089044.1.'
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Databases NASL id ORACLE_RDBMS_CPU_JULY_2010.NASL description The remote Oracle database server is missing the July 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Listener - Net Foundation Layer - Oracle OLAP - Application Express - Network Layer - Export last seen 2020-06-02 modified 2010-07-14 plugin id 47718 published 2010-07-14 reporter This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/47718 title Oracle Database Multiple Vulnerabilities (July 2010 CPU) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(47718); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id( "CVE-2010-0892", "CVE-2010-0900", "CVE-2010-0901", "CVE-2010-0902", "CVE-2010-0903", "CVE-2010-0911" ); script_bugtraq_id(41621, 41635, 41639, 41643); script_name(english:"Oracle Database Multiple Vulnerabilities (July 2010 CPU)"); script_summary(english:"Checks installed patch info"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Oracle database server is missing the July 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Listener - Net Foundation Layer - Oracle OLAP - Application Express - Network Layer - Export"); script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d4821a1"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the July 2010 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/14"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin"); exit(0); } include("oracle_rdbms_cpu_func.inc"); ################################################################################ # JUL2010 patches = make_nested_array(); # RDBMS 11.1.0.7 patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.4", "CPU", "9655014, 9654987"); patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.30", "CPU", "9869911"); patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.30", "CPU", "9869912"); # RDBMS 11.2.0.1 patches["11.2.0.1"]["db"]["nix"] = make_array("patch_level", "11.2.0.1.2", "CPU", "9655013, 9654983"); patches["11.2.0.1"]["db"]["win32"] = make_array("patch_level", "11.2.0.1.3", "CPU", "9736864"); patches["11.2.0.1"]["db"]["win64"] = make_array("patch_level", "11.2.0.1.3", "CPU", "9736865"); # RDBMS 10.1.0.5 patches["10.1.0.5"]["db"]["nix"] = make_array("patch_level", "10.1.0.5.19", "CPU", "9655023"); patches["10.1.0.5"]["db"]["win32"] = make_array("patch_level", "10.1.0.5.39", "CPU", "9683651"); # RDBMS 10.2.0.4 patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.5", "CPU", "9655017, 9654991"); patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.38", "CPU", "9777076"); patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.38", "CPU", "9777078"); check_oracle_database(patches:patches, high_risk:TRUE);NASL family Web Servers NASL id ORACLE_APEX_CVE-2010-0892.NASL description An unspecified vulnerability in version 3.2 of the Application Express component of Oracle Database Server allows remote attackers to affect integrity via unknown vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 64711 published 2013-02-20 reporter This script is Copyright (C) 2013-2018 Recx Ltd. source https://www.tenable.com/plugins/nessus/64711 title Oracle Application Express (Apex) CVE-2010-0892 code # --------------------------------------------------------------------------------- # (c) Recx Ltd 2009-2012 # http://www.recx.co.uk/ # # Detection script for multiple issues within Oracle Application Express # # = 3.2 # https://www.oracle.com/technetwork/topics/security/cpujul2010-155308.html # http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=1089044.1 # Unspecified vulnerability in the Application Express component in Oracle # Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors. # CVE-2010-0892 # # Version 1.0 # --------------------------------------------------------------------------------- include("compat.inc"); if (description) { script_id(64711); script_version("1.6"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2010-0892"); script_bugtraq_id(41621); script_name(english:"Oracle Application Express (Apex) CVE-2010-0892"); script_summary(english:"Checks Apex version against CVE-2010-0892"); script_set_attribute(attribute:"synopsis", value:"The remote host is running a vulnerable version of Oracle Apex." ); script_set_attribute( attribute:"description", value: "An unspecified vulnerability in version 3.2 of the Application Express component of Oracle Database Server allows remote attackers to affect integrity via unknown vectors." ); script_set_attribute(attribute:"solution", value:"Upgrade Application Express to at least version 3.2.1."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/developer-tools/apex/index.html" ); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpujul2010-155308.html" ); # http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=1089044.1 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3955a3de" ); script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe",value:"cpe:/a:oracle:application_express"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2013-2020 Recx Ltd."); script_dependencies("oracle_apex_detect_version.nasl"); script_require_keys("Oracle/Apex"); script_require_ports("Services/www", 8080, 80, 443); exit(0); } include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); function raise_finding(port, report) { if(report_verbosity > 0) security_warning(port:port, extra:report); else security_warning(port); } port = get_http_port(default:8080, embedded:TRUE); if (!get_port_state(port)) exit(0, "Port " + port + " is not open."); version = get_kb_item("Oracle/Apex/"+port+"/Version"); if(!version) exit(0, "The 'Oracle/Apex/" + port + "/Version' KB item is not set."); location = get_kb_item("Oracle/Apex/" + port + "/Location"); if(!location) exit(0, "The 'Oracle/Apex/" + port + "/Location' KB item is not set."); url = build_url(qs:location, port:port); if (version == "3.2") { report = '\n URL : ' + url + '\n Installed version : ' + version + '\n Fixed version : 3.2.1' + '\n'; raise_finding(port:port, report:report); exit(0); } exit(0, "The Oracle Apex install at " + url + " is version " + version + " and is not affected.");