Application Security, Inc.

Security Updates - ASAP™ Updates
(Application Security Automatic Protection)

AppDetective™ Update 3.2.20 - 03 February 2004

CHECK ENHANCEMENTS

  • Oracle
  • IBM DB2
  • Sybase Adaptive Server
  • Web Application
  • Platform-Relevant Operating System Level Checks

Microsoft SQL Server - NEW CHECKS

BUILTIN\Administrators not removed
Verifies that the sysadmin role has been revoked from the Windows group BUILTIN\Administrators.
Risk Level - Low

Sample database not removed
Verifies that sample databases have been removed from the database server.
Risk Level - Low
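The two SQL Server checks above can be reproduced by hand. The T-SQL below is an added example, not AppDetective's own check logic; it assumes a SQL Server 2000 instance (the release this update targets), the 2000-era catalog views master.dbo.syslogins and master.dbo.sysdatabases, and the stock sample databases Northwind and pubs. Run it in master as a sysadmin; any row returned by the SELECTs means the corresponding check fails.

```sql
-- Added example, not AppDetective's own check logic.
-- Assumes SQL Server 2000 catalog names and the stock samples Northwind/pubs.

-- Check 1: is the Windows group BUILTIN\Administrators still a sysadmin?
SELECT name AS login_name
FROM   master.dbo.syslogins
WHERE  name = 'BUILTIN\Administrators'
  AND  sysadmin = 1;

-- The same question through the built-in function:
-- 1 = member, 0 = not a member, NULL = no such login on this instance.
SELECT IS_SRVROLEMEMBER('sysadmin', 'BUILTIN\Administrators') AS is_sysadmin;

-- Check 2: are the sample databases still present?
SELECT name AS sample_db
FROM   master.dbo.sysdatabases
WHERE  name IN ('Northwind', 'pubs');

-- Remediation for check 1, guarded: only drop the group from sysadmin when
-- some other sysadmin login exists besides sa, otherwise sa (and whatever
-- password it has) becomes the only way back into the instance.
IF EXISTS (SELECT 1
           FROM   master.dbo.syslogins
           WHERE  sysadmin = 1
             AND  name NOT IN ('sa', 'BUILTIN\Administrators'))
    EXEC sp_dropsrvrolemember 'BUILTIN\Administrators', 'sysadmin';

-- Remediation for check 2.
IF DB_ID('Northwind') IS NOT NULL DROP DATABASE Northwind;
IF DB_ID('pubs')      IS NOT NULL DROP DATABASE pubs;
```

Two caveats before running the remediation on a production server: confirm that the login named in the guard is one an operator can actually authenticate as (a dedicated DBA Windows group is the usual choice), and on a clustered instance check which account the cluster service runs under, because that account may have been relying on local Administrators membership for its sysadmin access and will need its own login before the group is dropped.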

Oracle - NEW CHECKS

FROM_TZ buffer overflow
Checks if the database contains a buffer overflow in the built-in function FROM_TZ.
Risk Level - High

NUMTODSINTERVAL buffer overflow
Checks if the database contains a buffer overflow in the built-in function NUMTODSINTERVAL.
Risk Level - High

NUMTOYMINTERVAL buffer overflow
Checks if the database contains a buffer overflow in the built-in function NUMTOYMINTERVAL.
Risk Level - High

SSL Vulnerabilities
Checks if the database is vulnerable to SSL attacks.
Risk Level - High

TIME_ZONE buffer overflow
Checks if the database contains a buffer overflow when changing the TIME_ZONE for the session.
Risk Level - High

Account can access source code as SYS
Checks for accounts (other than DBA, SYS, and SYSTEM) that have been granted privileges to execute or create source code as SYS.
Risk Level - Medium

Account can become another user
Checks for accounts (other than DBA, SYS, and SYSTEM) that have been granted the privileges BECOME USER or ALTER USER.
Risk Level - Medium

Account can create public synonyms
Checks for accounts (other than DBA, SYS, and SYSTEM) that have been granted the privilege CREATE PUBLIC SYNONYM.
Risk Level - Medium

Account can grant any role
Checks for accounts (other than DBA, SYS, and SYSTEM) that have been granted the privilege GRANT ANY ROLE.
Risk Level - Medium

Account can replace public links
Checks for accounts (other than DBA, SYS, and SYSTEM) that have been granted the privileges DROP PUBLIC DATABASE LINK and CREATE PUBLIC DATABASE LINK.
Risk Level - Medium

Account granted the JAVA_ADMIN role
Checks for accounts (other than DBA, SYS, and SYSTEM) that have been granted the role JAVA_ADMIN.
Risk Level - Medium

Default role password
Verifies that default role passwords have been changed.
Risk Level - Medium

Privilege to execute DBMS_RANDOM granted to PUBLIC
Checks that privileges to execute the SYS.DBMS_RANDOM package have not been granted to the PUBLIC role.
Risk Level - Low

SQL Injection in ORASSO.WPG_SESSION
Checks that permissions to execute the ORASSO.WPG_SESSION package have not been granted to the PUBLIC role.
Risk Level - Medium

SQL Injection in OWF_MGR.WF_EVENT_HTML
Checks that permissions to execute the OWF_MGR.WF_EVENT_HTML package have been revoked from the PUBLIC role.
Risk Level - Medium

SQL Injection in OWF_MGR.WF_LOV
Checks that permissions to execute the OWF_MGR.WF_LOV package have been revoked from the PUBLIC role.
Risk Level - Medium

SQL Injection in PORTAL.WPG_SESSION
Checks that permissions to execute the PORTAL.WPG_SESSION package have not been granted to the PUBLIC role.
Risk Level - Medium
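The Oracle privilege checks above (the six "Account can ..." and JAVA_ADMIN checks, and the five PUBLIC EXECUTE checks) fall into three families, each answerable with one query against the data dictionary. The SQL below is an added example, not AppDetective's own check logic; it assumes the 9i-era dictionary views DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_TAB_PRIVS, and excludes DBA, SYS and SYSTEM exactly as the checks' wording does. Run it as a DBA; any row returned means the corresponding check fails.

```sql
-- Added example, not AppDetective's own check logic.
-- Assumes Oracle 9i-era dictionary views; run as a DBA.

-- Family 1: dangerous system privileges granted directly to anyone other
-- than DBA, SYS or SYSTEM. Covers "become another user", "create public
-- synonyms", "grant any role" and "replace public links".
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege IN ('BECOME USER',
                     'ALTER USER',
                     'CREATE PUBLIC SYNONYM',
                     'GRANT ANY ROLE',
                     'CREATE PUBLIC DATABASE LINK',
                     'DROP PUBLIC DATABASE LINK')
   AND grantee NOT IN ('DBA', 'SYS', 'SYSTEM')
 ORDER BY grantee, privilege;

-- Family 2: the JAVA_ADMIN role granted to anyone else.
SELECT grantee, granted_role, admin_option
  FROM dba_role_privs
 WHERE granted_role = 'JAVA_ADMIN'
   AND grantee NOT IN ('DBA', 'SYS', 'SYSTEM');

-- Family 3: EXECUTE on the named packages still held by PUBLIC.
-- DBA_TAB_PRIVS.TABLE_NAME holds the object name for packages as well.
SELECT owner, table_name AS package_name, grantor
  FROM dba_tab_privs
 WHERE grantee   = 'PUBLIC'
   AND privilege = 'EXECUTE'
   AND (owner, table_name) IN (('SYS',     'DBMS_RANDOM'),
                                ('ORASSO',  'WPG_SESSION'),
                                ('PORTAL',  'WPG_SESSION'),
                                ('OWF_MGR', 'WF_EVENT_HTML'),
                                ('OWF_MGR', 'WF_LOV'))
 ORDER BY owner, table_name;

-- Remediation for family 3. A REVOKE against a package that is not
-- installed on this database (no Portal, no Workflow) errors out; skip it.
REVOKE EXECUTE ON sys.dbms_random        FROM PUBLIC;
REVOKE EXECUTE ON orasso.wpg_session     FROM PUBLIC;
REVOKE EXECUTE ON portal.wpg_session     FROM PUBLIC;
REVOKE EXECUTE ON owf_mgr.wf_event_html  FROM PUBLIC;
REVOKE EXECUTE ON owf_mgr.wf_lov         FROM PUBLIC;
```

Families 1 and 2 report only direct grants, which is what the check descriptions say they test. A user can also acquire BECOME USER or GRANT ANY ROLE through a role that itself holds the privilege, so a complete audit joins DBA_ROLE_PRIVS to ROLE_SYS_PRIVS (and walks nested roles through ROLE_ROLE_PRIVS) to attribute every system privilege back to the users who can ultimately exercise it.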

IBM DB2 - NEW CHECK

Weak permissions on DMS
Checks if the FixPak has been applied to solve the problem with weak permissions on the DMS.
Risk Level - High

Sybase Adaptive Server - NEW CHECKS

Default SAP password
Verifies that the password for the SAP account has been changed from the default values.
Risk Level - High

Password array buffer overflow
Verifies that the patch has been installed to fix the buffer overflow in the login password array.
Risk Level - High

NEW REPORTS
Vulnerability Differences Report

Web Application - NEW FEATURES

  • Manual Navigation Capture
  • Data Export
  • Encoder/Decoder URL Encoding Support
  • Web Crawl Enhancements
  • Web Crawl Results Filter Options
  • Advanced Data Search Scans Request Headers
  • User Configurable Return Codes
  • List Exposed Email Addresses

Web Application - NEW CHECKS

  • ASP/PHP/Perl Scripts
  • ActiveX/Applets

Web Application - ENHANCEMENTS

  • Raw HTTP Request Enhancements
  • Improved Options Editor
  • Faster Scan Import/Export
