Oracle Application Express (Apex) CVE-2011-3525

This script is Copyright (C) 2009-2013 Recx Ltd.


Synopsis :

The remote host is running a vulnerable version of Oracle Apex.

Description :

An unspecified vulnerability in versions 3.2 and 4.0 of the
Application Express (Apex) component of the Oracle Database Server
allows remote, authenticated users to affect confidentiality,
integrity, and availability, relating to the Apex developer user.

See also :

http://www.oracle.com/technetwork/developer-tools/apex/index.html
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
http://www.recx.co.uk/research/index.php?item=CVE-2011-3525

Solution :

Upgrade Application Express to at least version 4.1.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 64712

Bugtraq ID: 50197

CVE ID: CVE-2011-3525
