Oracle 9iAS OWA_UTIL Stored Procedures Information Disclosure

This script is Copyright (C) 2003-2014 Javier Fernandez-Sanguino

Synopsis :

Sensitive data may be accessed on the remote host.

Description :

Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that
provides web access to some stored procedures. These procedures,
without authentication, can allow users to access sensitive information
such as source code of applications, user credentials to other database
servers and run arbitrary SQL queries on servers accessed by the
application server.

See also :

Solution :

Apply the appropriate patch listed in Oracle's advisory, which details
how you can restrict unauthenticated access to procedures using the
exclusion_list parameter in the PL/SQL gateway configuration file

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.8
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 11225 ()

Bugtraq ID: 4294

CVE ID: CVE-2002-0560

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial