ID de Prueba:	1.3.6.1.4.1.25623.1.0.11225
Categoría:	Web application abuses
Título:	Oracle 9iAS OWA UTIL access
Resumen:	Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that; provides web access to some stored procedures.
Descripción:	Summary: Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that provides web access to some stored procedures. Vulnerability Impact: These procuedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run arbitrary SQL queries on servers accessed by the application server. Solution: Apply the appropriate patch listed in the references. Details how you can restrict unauthenticated access to procedures using the exclusion_list parameter in the PL/SQL gateway configuration file: /Apache/modplsql/cfg/wdbsvr.app. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0560 BugTraq ID: 4294 http://www.securityfocus.com/bid/4294 Bugtraq: 20020206 Hackproofing Oracle Application Server paper (Google Search) http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://www.cert.org/advisories/CA-2002-08.html CERT/CC vulnerability note: VU#307835 http://www.kb.cert.org/vuls/id/307835 http://www.nextgenss.com/papers/hpoas.pdf
Copyright	Copyright (C) 2003 Javier Fernandez-Sanguino

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.