Test ID:	1.3.6.1.4.1.25623.1.0.11225
Category:	Web application abuses
Title:	Oracle 9iAS OWA UTIL access
Summary:	Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that; provides web access to some stored procedures.
Description:	Summary: Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that provides web access to some stored procedures. Vulnerability Impact: These procuedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run arbitrary SQL queries on servers accessed by the application server. Solution: Apply the appropriate patch listed in the references. Details how you can restrict unauthenticated access to procedures using the exclusion_list parameter in the PL/SQL gateway configuration file: /Apache/modplsql/cfg/wdbsvr.app. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0560 BugTraq ID: 4294 http://www.securityfocus.com/bid/4294 Bugtraq: 20020206 Hackproofing Oracle Application Server paper (Google Search) http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://www.cert.org/advisories/CA-2002-08.html CERT/CC vulnerability note: VU#307835 http://www.kb.cert.org/vuls/id/307835 http://www.nextgenss.com/papers/hpoas.pdf
Copyright	Copyright (C) 2003 Javier Fernandez-Sanguino

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.