Oracle Application Express (Apex) CVE-2011-3525

This script is Copyright (C) 2013-2016 Recx Ltd.


Synopsis :

The remote host is running a vulnerable version of Oracle Apex.

Description :

An unspecified vulnerability in versions 3.2 and 4.0 of the
Application Express (Apex) component of the Oracle Database Server
allows remote, authenticated users to affect confidentiality,
integrity, and availability, relating to the Apex developer user.

See also :

http://www.oracle.com/technetwork/developer-tools/apex/index.html
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
http://www.recx.co.uk/research/index.php?item=CVE-2011-3525

Solution :

Upgrade Application Express to at least version 4.1.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 64712 ()

Bugtraq ID: 50197

CVE ID: CVE-2011-3525

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now