Intrusion Prevention

Oracle.Database.APEX.Password.Hash.Disclosure

Description

This indicates an attack attempt against an information-disclosure vulnerability in the Application Express component in Oracle Database.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted HTTP reqeust. It allows an authenticated attacker obtain access to password hashes via certain database views.

Affected Products

Oracle Oracle11g 11.1.0.7

Impact

Information Disclosure

Recommended Actions

Apply the patch released by the vendor:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

CVE References

CVE-2009-0981