Oracle Products Code Execution and Information Disclosure Vulnerabilities
Multiple vulnerabilities have been identified in various Oracle products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.
These issues are caused by errors in the Listener, OLAP, Application Builder, Data Pump, Spatial, Standby, RDBMS, Unzip, Oracle Secure Backup, Access Manager Identity Server, Containers for J2EE, CRM Technical Foundation, HRMS, Application Object Library, PeopleSoft Enterprise HCM - eProfile, JRockit, WebLogic Server, and Primavera components.
Oracle Database 11g version 11.1.0.7
Oracle Database 10g Release 2 version 10.2.0.3
Oracle Database 10g Release 2 version 10.2.0.4
Oracle Database 10g version 10.1.0.5
Oracle Database 9i Release 2 version 9.2.0.8
Oracle Database 9i Release 2 version 9.2.0.8DV
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.4.0
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5.1
Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
Oracle Access Manager version 7.0.4.3
Oracle Access Manager version 10.1.4.2
Oracle E-Business Suite Release 12 version 12.0.4
Oracle E-Business Suite Release 12 version 12.0.5
Oracle E-Business Suite Release 12 version 12.0.6
Oracle E-Business Suite Release 12 version 12.1.1
Oracle E-Business Suite Release 12 version 12.1.2
Oracle E-Business Suite Release 11i version 11.5.10.2
PeopleSoft Enterprise HCM (TAM) version 8.9
PeopleSoft Enterprise HCM (TAM) version 9.0
Oracle WebLogic Server versions 10.0 through MP2
Oracle WebLogic Server version 10.3.0
Oracle WebLogic Server version 10.3.1
Oracle WebLogic Server version 9.0 GA
Oracle WebLogic Server version 9.1 GA
Oracle WebLogic Server versions 9.2 through 9.2 MP3
Oracle WebLogic Server versions 8.1 through 8.1 SP6
Oracle WebLogic Server versions 7.0 through 7.0 SP7
Oracle JRockit version R27.6.5 and prior (JDK/JRE 6, 5, 1.4.2)
Primavera P6 Enterprise Project Portfolio Management version 6.1
Primavera P6 Enterprise Project Portfolio Management version 6.2.1
Primavera P6 Enterprise Project Portfolio Management version 7.0
Primavera P6 Web Services version 6.2.1
Primavera P6 Web Services version 7.0
Primavera P6 Web Services version 7.0SP1
Apply Oracle Critical Patch Update (Advisory - January 2010):
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
http://www.vupen.com/english/advisories/2010/0102
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
Vulnerabilities reported by TippingPoint, Esteban Martinez Fayo (Application Security, Inc.), Alexander Kornbrust (Red Database Security), David Litchfield (NGS Software), Brian Martin (INS.com), Guy Pilosof (Sentrigo), JPCERT/CC Vulnerability Handling Team, Daiki Fukumori (Secure Sky Technology) and Dennis Yurichev.
2010-01-13 : Initial release