Recx add Oracle APEX detection to Tenable Nessus

Recx have authored a selection of plugins for Tenable’s automated vulnerability analysis product Nessus. These facilitate the detection of Oracle APEX instances when networks are scanned by Nessus. The plugins can locate and analyse APEX web technology stacks to assist penetration testers, ethical hackers and network auditors in the identification of vulnerable versions of Oracle APEX on corporate networks.

In total, Recx submitted thirteen plugins to Tenable, all of which have been approved and are now included in their update feed for the Nessus Vulnerability Scanner. This allows Nessus to detect:

  • The presence of Oracle APEX on any web servers discovered during a network audit.
  • The version of Oracle APEX in use.
  • Whether the APEX application builder interface is available.
  • Specific publicly disclosed vulnerabilities in the APEX instance.

Several vulnerabilities in the core of APEX have been disclosed publicly and have Common Vulnerabilities and Exposures (CVE) references; the Recx plugins for Nessus can identify whether these issues affect the discovered APEX instance:

  • CVE-2008-4005 – “Unspecified vulnerability in the Oracle Application Express component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.”
  • CVE-2009-0981 – “Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX.”
  • CVE-2009-1993 – “Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_IMMEDIATE.”
  • CVE-2010-0076 – “Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.”
  • CVE-2010-0892 – “Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2.0.00.27 allows remote attackers to affect integrity via unknown vectors.”
  • CVE-2011-3525 – “Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user.”
  • CVE-2012-1708 – “Unspecified vulnerability in the Application Express component in Oracle Database Server 4.0 and 4.1 allows remote attackers to affect integrity via unknown vectors.”

These latter three issues were discovered and responsibly disclosed by Recx during the course of our ongoing vulnerability research into the Oracle APEX platform. These plugins are enabled by default.

Maintaining a current version of Oracle APEX is one part of ensuring your environment is protected against cyber attacks. In addition to keeping the framework up to date, it’s critical to ensure that the deployed APEX applications are secured against web-level attacks such as SQL Injection and Cross-Site Scripting. Our ApexSec product can perform automated code-level inspection of your in-house APEX applications, allowing the identification of vulnerabilities and the rapid mitigation of exposures.

We thank everyone at Tenable for accepting and integrating our plugins into their world-leading product. We hope this helps our customers and the wider community maintain a secure operating environment in which to host their APEX applications.