Release DateJun 23, 2009 |
Severitymedium |
ImpactInformation Disclosure |
DescriptionThis indicates an attack attempt against an information-disclosure vulnerability in the Application Express component in Oracle Database.The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP reqeust. It allows an authenticated attacker obtain access to password hashes via certain database views. |
Affected ProductsOracle Oracle11g 11.1.0.7 |
Recommended ActionsApply the patch released by the vendor:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-0981 |
Reference/shttp://www.securityfocus.com/bid/34461 (BugTraq) |