CERT-MU AD-2009-05
Multiple Vulnerabilities in various Oracle products
Original issue date: 17 April, 2009
Overview
Multiple vulnerabilities have been reported in various Oracle and BEA products. They could be exploited by a remote or local attacker to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.
Description
These issues are caused by errors in the Resource Manager, Core RDBMS, Workspace Manager, Advanced Queuing, Database Vault, SQLX Functions, Cluster Ready Services, Listener, Application Express, Password Policy, OPMN, BI Publisher, Outside In Technology, Portal, Oracle Application Object Library, Oracle Applications Framework, Oracle Applications Technology Stack, PeopleSoft Enterprise PeopleTools, PeopleSoft Enterprise HRMS - eBenefits, JRockit, WebLogic Server, WebLogic Portal, and Oracle Data Service Integrator (AquaLogic Data Services Platform).
Affected systems
• Oracle Database 11g, version 11.1.0.6, 11.1.0.7
• Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
• Oracle Database 10g, version 10.1.0.5
• Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
• Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0
• Oracle Outside In SDK HTML Export 8.2.2, 8.3.0
• Oracle XML Publisher 5.6.2, 10.1.3.2, 10.1.3.2.1
• Oracle BI Publisher 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3, 10.1.3.4
• Oracle E-Business Suite Release 12, version 12.0.6
• Oracle E-Business Suite Release 11i, version 11.5.10.2
• PeopleSoft Enterprise PeopleTools version 8.49
• PeopleSoft Enterprise HRMS versions 8.9 and 9.0
• Oracle WebLogic Server 10.3
• Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3
• Oracle WebLogic Server 8.1 through 8.1 SP6
• Oracle WebLogic Server 7.0 through 7.0 SP7
• Oracle WebLogic Portal 8.1 through 8.1 SP6
• Oracle Data Service Integrator 10.3.0 and Oracle AquaLogic Data Services Platform (formerly BEA ALDSP) 3.2, 3.0.1, 3.0
• Oracle JRockit (formerly BEA JRockit) R27.6.2 and earlier (JDK/JRE 6, 5, 1.4.2)
Impact
Severity Rating: High
Solution
Apply patches as mentioned in Oracle Advisory http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Vendor Information
Oracle Corporation
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
CVE Name
CVE-2009-0979
CVE-2009-0985
CVE-2009-0972
References
Oracle Corporation
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
http://blogs.oracle.com/security/2009/04/14/
SecurityFocus
http://www.securityfocus.com/bid/34461
http://www.securityfocus.com/archive/1/502683
SecurityTracker
http://securitytracker.com/alerts/2009/Apr/1022059.html
http://www.securitytracker.com/alerts/2009/Apr/1022058.html
http://www.securitytracker.com/alerts/2009/Apr/1022057.html
http://www.securitytracker.com/alerts/2009/Apr/1022056.html
http://www.securitytracker.com/alerts/2009/Apr/1022055.html
http://securitytracker.com/alerts/2009/Apr/1022052.html
ZDI
http://www.zerodayinitiative.com/advisories/ZDI-09-017/