Oracle 9iAS OWA_UTIL Stored Procedures Information Disclosure

This script is Copyright (C) 2003-2016 Javier Fernandez-Sanguino

Synopsis :

Sensitive data may be accessed on the remote host.

Description :

Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that
provides web access to some stored procedures. These procedures,
without authentication, can allow users to access sensitive information
such as source code of applications, user credentials to other database
servers and run arbitrary SQL queries on servers accessed by the
application server.

See also :

Solution :

Apply the appropriate patch listed in Oracle's advisory, which details
how you can restrict unauthenticated access to procedures using the
exclusion_list parameter in the PL/SQL gateway configuration file

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.8
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 11225 ()

Bugtraq ID: 4294

CVE ID: CVE-2002-0560

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now