Vulnerabilities > CVE-2012-1708 - Remote Application Express vulnerability in Oracle Database Server 4.0/4.1
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Nessus
NASL family Web Servers NASL id ORACLE_APEX_CVE-2012-1708.NASL description An unspecified vulnerability in versions 4.0 and 4.1 of the Application Express (Apex) component of the Oracle Database Server allows remote attackers to affect integrity via unpublished vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 64713 published 2013-02-20 reporter This script is Copyright (C) 2013-2019 Recx Ltd. source https://www.tenable.com/plugins/nessus/64713 title Oracle Application Express (Apex) CVE-2012-1708 code # --------------------------------------------------------------------------------- # (c) Recx Ltd 2009-2012 # http://www.recx.co.uk/ # # Detection script for CVE-2012-1708 # Ref: https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html # Oracle Application Express v4.0 < x < v4.1.1 # # Unspecified vulnerability in the Application Express component in Oracle # Database Server 4.0 and 4.1 allows remote attackers to affect integrity # via unknown vectors. # # Version 1.0 # --------------------------------------------------------------------------------- include("compat.inc"); if (description) { script_id(64713); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_cve_id("CVE-2012-1708"); script_bugtraq_id(53104); script_name(english:"Oracle Application Express (Apex) CVE-2012-1708"); script_summary(english:"Checks whether vulnerable to CVE-2012-1708"); script_set_attribute(attribute:"synopsis", value: "The remote host is running a vulnerable version of Oracle Apex."); script_set_attribute(attribute:"description", value: "An unspecified vulnerability in versions 4.0 and 4.1 of the Application Express (Apex) component of the Oracle Database Server allows remote attackers to affect integrity via unpublished vectors."); script_set_attribute(attribute:"see_also", value:"http://www.oracle.com/technetwork/developer-tools/apex/index.html"); script_set_attribute(attribute:"see_also", value:"https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"); script_set_attribute(attribute:"see_also", value:"https://www.recx.co.uk/downloads/Recx-Apex-CVE-2012-1708.pdf"); script_set_attribute(attribute:"solution", value: "Upgrade Application Express to at least version 4.1.1."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-1708"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/18"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/20"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:application_express"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Web Servers"); script_copyright(english:"This script is Copyright (C) 2013-2020 Recx Ltd."); script_dependencies("oracle_apex_detect_version.nasl"); script_require_keys("Oracle/Apex"); script_require_ports("Services/www", 8080, 80, 443); exit(0); } include("global_settings.inc"); include("http_func.inc"); include("http_keepalive.inc"); function raise_finding(port, report) { if(report_verbosity > 0) security_warning(port:port, extra:report); else security_warning(port); } port = get_http_port(default:8080, embedded:TRUE); if (!get_port_state(port)) exit(0, "Port " + port + " is not open."); version = get_kb_item("Oracle/Apex/"+port+"/Version"); if(!version) exit(0, "The 'Oracle/Apex/" + port + "/Version' KB item is not set."); location = get_kb_item("Oracle/Apex/" + port + "/Location"); if(!location) exit(0, "The 'Oracle/Apex/" + port + "/Location' KB item is not set."); url = build_url(qs:location, port:port); if (version == "4.0" || version == "4.0.1" || version == "4.0.2" || version == "4.1") { report = '\n URL : ' + url + '\n Installed version : ' + version + '\n Fixed version : 4.1.1' + '\n'; raise_finding(port:port, report:report); exit(0); } exit(0, "The Oracle Apex install at " + url + " is version " + version + " and is not affected.");NASL family Databases NASL id ORACLE_RDBMS_CPU_APR_2012.NASL description The remote Oracle database server is missing the April 2012 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components : - Core RDBMS - Oracle Spatial - OCI - Enterprise Manager Base Platform - Application Express last seen 2020-06-02 modified 2012-04-19 plugin id 58798 published 2012-04-19 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/58798 title Oracle Database Multiple Vulnerabilities (April 2012 CPU) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(58798); script_version("1.17"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id( "CVE-2012-0510", "CVE-2012-0511", "CVE-2012-0512", "CVE-2012-0519", "CVE-2012-0520", "CVE-2012-0525", "CVE-2012-0526", "CVE-2012-0527", "CVE-2012-0528", "CVE-2012-0534", "CVE-2012-0552", "CVE-2012-1708" ); script_bugtraq_id( 53063, 53072, 53076, 53081, 53084, 53089, 53090, 53092, 53093, 53097, 53101, 53104 ); script_name(english:"Oracle Database Multiple Vulnerabilities (April 2012 CPU)"); script_summary(english:"Checks installed patch info"); script_set_attribute(attribute:"synopsis", value: "The remote database server is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The remote Oracle database server is missing the April 2012 Critical Patch Update (CPU) and is, therefore, potentially affected by security issues in the following components : - Core RDBMS - Oracle Spatial - OCI - Enterprise Manager Base Platform - Application Express"); # https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-sql-injection-in-oracle-enterprise-manager-searchpage-web-page/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b9e3b595"); # https://www.teamshatter.com/topics/general/team-shatter-exclusive/advisory-http-response-splitting-in-oem-prevpage/ script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a38b382b"); # https://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83822adc"); script_set_attribute(attribute:"solution", value: "Apply the appropriate patch according to the April 2012 Oracle Critical Patch Update advisory."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/04/17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/04/19"); script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"agent", value:"all"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Databases"); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin"); exit(0); } include("oracle_rdbms_cpu_func.inc"); ################################################################################ # APR2012 patches = make_nested_array(); # RDBMS 11.1.0.7 patches["11.1.0.7"]["db"]["nix"] = make_array("patch_level", "11.1.0.7.11", "CPU", "13632731, 13621679"); patches["11.1.0.7"]["db"]["win32"] = make_array("patch_level", "11.1.0.7.45", "CPU", "13715809"); patches["11.1.0.7"]["db"]["win64"] = make_array("patch_level", "11.1.0.7.45", "CPU", "13715810"); # RDBMS 11.2.0.2 patches["11.2.0.2"]["db"]["nix"] = make_array("patch_level", "11.2.0.2.6", "CPU", "13632725, 13696224"); patches["11.2.0.2"]["db"]["win32"] = make_array("patch_level", "11.2.0.2.17", "CPU", "13697073"); patches["11.2.0.2"]["db"]["win64"] = make_array("patch_level", "11.2.0.2.17", "CPU", "13697074"); # RDBMS 11.2.0.3 patches["11.2.0.3"]["db"]["nix"] = make_array("patch_level", "11.2.0.3.2", "CPU", "13632717, 13696216"); patches["11.2.0.3"]["db"]["win32"] = make_array("patch_level", "11.2.0.3.5", "CPU", "13885388"); patches["11.2.0.3"]["db"]["win64"] = make_array("patch_level", "11.2.0.3.5", "CPU", "13885389"); # RDBMS 10.2.0.5 patches["10.2.0.5"]["db"]["nix"] = make_array("patch_level", "10.2.0.5.7", "CPU", "13632738, 13632743"); patches["10.2.0.5"]["db"]["win32"] = make_array("patch_level", "10.2.0.5.15", "CPU", "13654814"); patches["10.2.0.5"]["db"]["win64"] = make_array("patch_level", "10.2.0.5.15", "CPU", "13654815"); # RDBMS 10.2.0.4 patches["10.2.0.4"]["db"]["nix"] = make_array("patch_level", "10.2.0.4.12", "CPU", "12879926, 12879933"); patches["10.2.0.4"]["db"]["win32"] = make_array("patch_level", "10.2.0.4.49", "CPU", "13928775"); patches["10.2.0.4"]["db"]["win64"] = make_array("patch_level", "10.2.0.4.49", "CPU", "13928776"); check_oracle_database(patches:patches, high_risk:TRUE);