Computer Security
[EN] securityvulns.ru
no-pyccku

  

Oracle multiple application security vulnerabilities
Published:15.01.2010
Source:ORACLE
SecurityVulns ID:10514
Type:remote
Level:9/10
Description:>20 vulnerabilities are fixed in different Oracle applications.
Affected:ORACLE : WebLogic Server 7.0
 ORACLE : Oracle 9i
 ORACLE : Oracle 10g
 ORACLE : Oracle E-Business Suite 11i
 ORACLE : WebLogic Server 8.1
 ORACLE : Oracle Application Server 10g
 ORACLE : Oracle 11g
 ORACLE : WebLogic Server 10.0
 ORACLE : WebLogic Server 9.0
 ORACLE : WebLogic Server 9.2
 ORACLE : Oracle E-Business Suite 12
 ORACLE : WebLogic Server 10.3
 ORACLE : JRockit 27.6
 ORACLE : PeopleSoft Enterprise HCM 9.0
 ORACLE : Oracle Access Manager 7.0
 ORACLE : Oracle Access Manager 10.1
 ORACLE : PeopleSoft Enterprise HCM 8.9
 ORACLE : Primavera P6 Enterprise Project Portfolio Management 6.1
 ORACLE : Primavera P6 Enterprise Project Portfolio Management 6.2
 ORACLE : Primavera P6 Enterprise Project Portfolio Management 7.0
 ORACLE : Primavera P6 Web Services 6.2
 ORACLE : Primavera P6 Web Services 7.0
CVE:CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle, #21 and 9.0 Bundle #11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877.)
 CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.)
 CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.)
 CVE-2010-0076 (Unspecified vulnerability in the Application Express Application Builder component in Oracle Database 3.2.1.00.10 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP2, and 10.3.1 allows remote attackers to affect availability via unknown vectors.)
 CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a "reverse lookup of connections" to TCP port 10000.)
 CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0, SP7, 8.1SP6, 9.0, 9.1, 9.2MP3, 10.0MP1, and 10.3.0 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2MP2, and 10.0 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.)
 CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle Database 11.1.0.7, 10.2.0.3, 10.2.0.4, 10.1.0.5, 9.2.0.8, and 9.2.0.8DV allows remote authenticated users to affect confidentiality and integrity via unknown vectors.)
 CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.)
 CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in Oracle Database allows remote authenticated users to affect integrity via unknown vectors.)
Original documentdocumentZDI, ZDI-10-002: Oracle Secure Backup observiced.exe Remote Code Execution Vulnerability (15.01.2010)
 documentCERT, US-CERT Technical Cyber Security Alert TA10-012A -- Oracle Updates for Multiple Vulnerabilities (15.01.2010)
 documentORACLE, Oracle Critical Patch Update Advisory - January 2010 (15.01.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru