| Name | Oracle.Database.APEX.Password.Hash.Disclosure |
| Release Date | Jun 23, 2009 |
| Severity | Low |
| Impact | Information Disclosure |
| Description | This indicates an attack attempt against an information-disclosure vulnerability in the Application Express component in Oracle Database.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP reqeust. It allows an authenticated attacker obtain access to password hashes via certain database views. |
| Affected Products | Oracle Oracle11g 11.1.0.7 |
| Recommended Actions | Apply the patch released by the vendor: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0981
|
| Reference/s | http://www.securityfocus.com/bid/34461 (BugTraq)
|