Oracle.Database.APEX.Password.Hash.Disclosure

description-logoDescription

This indicates an attack attempt against an information-disclosure vulnerability in the Application Express component in Oracle Database.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP reqeust. It allows an authenticated attacker obtain access to password hashes via certain database views.

affected-products-logoAffected Products

Oracle Oracle11g 11.1.0.7

Impact logoImpact

Information Disclosure

recomended-action-logoRecommended Actions

Apply the patch released by the vendor:

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2018-10-16 13.473 Sig Added