Skip to main content

Oracle and BEA Products Multiple Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 15 Oct 2008 5529 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various Oracle and BEA products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.

These issues are caused by errors in the Data Mining, OLAP, Data Capture, Spatial, Workspace Manager, Upgrade, AS, Core RDBMS, Oracle Portal, Reports Developer, JDeveloper, Discoverer Administrator, Discoverer Desktop, Applications Technology Stack, iSupplier Portal, iStore, Applications Framework, PeopleTools, PeopleSoft Enterprise Portal, JDE EnterpriseOne Business Service Server, WebLogic Server, Plugins for Apache, and Workshop components.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure

System / Technologies affected

  • Oracle Database 11g version 11.1.0.6
  • Oracle Database 10g Release 2 version 10.2.0.2
  • Oracle Database 10g Release 2 version 10.2.0.3
  • Oracle Database 10g Release 2 version 10.2.0.4
  • Oracle Database 10g version 10.1.0.5
  • Oracle Database 9i Release 2 version 9.2.0.8
  • Oracle Database 9i Release 2 version 9.2.0.8DV
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.3.0
  • Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.4.0
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.2.0
  • Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
  • Oracle Application Server 10g (9.0.4) version 9.0.4.3
  • Oracle E-Business Suite Release 12 version 12.0.4
  • Oracle E-Business Suite Release 11i version 11.5.10.2
  • Oracle PeopleSoft Enterprise PeopleTools version 8.48.18
  • Oracle PeopleSoft Enterprise PeopleTools version 8.49.14
  • Oracle PeopleSoft Enterprise Portal version 8.9
  • Oracle PeopleSoft Enterprise Portal version 9.0
  • Oracle JD Edwards EnterpriseOne Tools version 8.97
  • Oracle JD Edwards EnterpriseOne Tools version 8.98
  • Oracle WebLogic Server (formerly BEA WebLogic Server) versions 10.0 through MP1
  • Oracle WebLogic Server (formerly BEA WebLogic Server) version 10.3 GA
  • Oracle WebLogic Server (formerly BEA WebLogic Server) version 9.0 GA
  • Oracle WebLogic Server (formerly BEA WebLogic Server) version 9.1 GA
  • Oracle WebLogic Server (formerly BEA WebLogic Server) versions 9.2 through MP3
  • Oracle WebLogic Server (formerly BEA WebLogic Server) versions 8.1 through SP6
  • Oracle WebLogic Server (formerly BEA WebLogic Server) versions 7.0 through SP7
  • Oracle WebLogic Server (formerly BEA WebLogic Server) versions 6.1 through SP7
  • Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) versions 10.0 through MP1
  • Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) version 10.2 GA
  • Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) version 10.3 GA
  • Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) version 9.0
  • Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) version 9.1
  • Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) versions 9.2 through MP3
  • Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop) versions 8.1 through SP6

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply Oracle Critical Patch Update - October 2008 :
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html


Vulnerability Identifier


Source


Related Link