Oracle Application Express (Apex) CVE-2011-3525

This script is Copyright (C) 2009-2013 Recx Ltd.


Synopsis :

The remote host is running a vulnerable version of Oracle Apex.

Description :

An unspecified vulnerability in versions 3.2 and 4.0 of the
Application Express (Apex) component of the Oracle Database Server
allows remote, authenticated users to affect confidentiality,
integrity, and availability, relating to the Apex developer user.

See also :

http://www.oracle.com/technetwork/developer-tools/apex/index.html
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
http://www.recx.co.uk/research/index.php?item=CVE-2011-3525

Solution :

Upgrade Application Express to at least version 4.1.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 64712

Bugtraq ID: 50197

CVE ID: CVE-2011-3525