|
Oracle Products Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA23794
|
|
|
Release Date:
|
2007-01-17
|
|
Last Update:
|
2007-10-22
|
|
Popularity:
|
21,688 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Unknown
Cross Site Scripting
Manipulation of data
Exposure of sensitive information
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Oracle Application Server 10g
Oracle Database 10.x
Oracle Developer Suite 10g
Oracle E-Business Suite 11i
Oracle Enterprise Manager 10.x
Oracle PeopleSoft Enterprise Tools 8.x
Oracle9i Application Server
Oracle9i Database Enterprise Edition
Oracle9i Database Standard Edition
Oracle9i Developer Suite
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 2 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Solution:
Apply patches (see the vendor's advisory).
Provided and/or discovered by:
The vendor credits:
* Andy Davis, Information Risk Management Plc
* Vicente Aguilera Diaz, Internet Security Auditors, S.L.
* Esteban Martinez Fayo, Application Security, Inc.
* Tony Fogarty, BT Global Services
* Oliver Karow, Symantec Vulnerability Research
* Joxean Koret
* Alexander Kornbrust, Red Database Security
* David Litchfield and Mark Litchfield, NGSSoftware
* noderat ratty.
Changelog:
2007-01-18: Added CVE and link to US-CERT. Added additional information in "Description" section.
2007-01-26: Added additional information in "Description" section.
2007-10-22: Added CVE reference.
Original Advisory:
Oracle:
http://www.oracle.com/technology/depl...ritical-patch-updates/cpujan2007.html
Red Database Security:
http://www.red-database-security.com/advisory/oracle_buffer_overflow_ons.html
http://www.red-database-security.com/advisory/oracle_xmldb_css2.html
http://www.red-database-security.com/...oracle_sql_injection_dbms_aq_inv.html
Symantec Vulnerability Research:
http://www.symantec.com/enterprise/research/SYMSA-2007-001.txt
Application Security, Inc.:
http://www.appsecinc.com/resources/alerts/oracle/2007-01.shtml
http://www.appsecinc.com/resources/alerts/oracle/2007-02.shtml
http://www.appsecinc.com/resources/alerts/oracle/2007-03.shtml
http://www.appsecinc.com/resources/alerts/oracle/2007-04.shtml
http://www.appsecinc.com/resources/alerts/oracle/2007-05.shtml
http://www.appsecinc.com/resources/alerts/oracle/2007-06.shtml
Other References:
SA22130:
http://secunia.com/advisories/22130
SA21709:
http://secunia.com/advisories/21709
SA22130:
http://secunia.com/advisories/22130
US-CERT VU#221788:
http://www.kb.cert.org/vuls/id/221788
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
