Oracle and BEA Products Multiple Code Execution Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in various Oracle and BEA products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.
These issues are caused by errors in the Job Queue, Oracle OLAP, Oracle Spatial, Oracle Streams, SQL*Plus Windows GUI, TimesTen Data Server, Oracle Secure Backup, OC4J, Oracle BPEL Process Manager, Oracle Portal, Oracle JDeveloper, Collaborative Workspaces, Oracle Application Object Library, iProcurement, Oracle Applications Framework, Oracle Applications Platform Engineering, Oracle Enterprise Manager, PeopleSoft Enterprise Components, PeopleSoft Enterprise HRMS, PeopleSoft Enterprise Campus Solutions, ePerformance, JD Edwards Tools, WebLogic Server Plugins, WebLogic Portal and WebLogic Server.
Impact
- Denial of Service
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- Oracle Database 11g version 11.1.0.6
- Oracle Database 10g Release 2 version 10.2.0.2
- Oracle Database 10g Release 2 version 10.2.0.3
- Oracle Database 10g Release 2 version 10.2.0.4
- Oracle Database 10g version 10.1.0.5
- Oracle Database 9i Release 2 version 9.2.0.8
- Oracle Database 9i Release 2 version 9.2.0.8DV
- Oracle Secure Backup version 10.2.0.2
- Oracle Secure Backup version 10.2.0.3
- Oracle Secure Backup version 10.1.0.1
- Oracle Secure Backup version 10.1.0.2
- Oracle Secure Backup version 10.1.0.3
- Oracle TimesTen In-Memory Database version 7.0.5.1.0
- Oracle TimesTen In-Memory Database version 7.0.5.2.0
- Oracle TimesTen In-Memory Database version 7.0.5.3.0
- Oracle TimesTen In-Memory Database version 7.0.5.4.0
- Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.3.0
- Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.2.0
- Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
- Oracle Collaboration Suite 10g version 10.1.2
- Oracle E-Business Suite Release 12 version 12.0.6
- Oracle E-Business Suite Release 11i version 11.5.10.2
- Oracle Enterprise Manager Grid Control 10g Release 4 version 10.2.0.4
- PeopleSoft Enterprise HRMS version 8.9
- PeopleSoft Enterprise HRMS version 9.0
- JD Edwards Tools version 8.97
- Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 through MP1
- Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 GA
- Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA
- Oracle WebLogic Server (formerly BEA WebLogic Server) 9.1 GA
- Oracle WebLogic Server (formerly BEA WebLogic Server) 9.2 through MP3
- Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 through SP6
- Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 through SP7
- Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0 through MP1
- Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.2 GA
- Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.3 GA
- Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2 through MP3
- Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1 through SP6
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Apply Oracle Critical Patch Update - January 2009 :
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
Vulnerability Identifier
- CVE-2008-2623
- CVE-2008-3973
- CVE-2008-3974
- CVE-2008-3978
- CVE-2008-3979
- CVE-2008-3981
- CVE-2008-3997
- CVE-2008-3999
- CVE-2008-4006
- CVE-2008-4007
- CVE-2008-4014
- CVE-2008-4015
- CVE-2008-4016
- CVE-2008-4017
- CVE-2008-5436
- CVE-2008-5437
- CVE-2008-5438
- CVE-2008-5439
- CVE-2008-5440
- CVE-2008-5441
- CVE-2008-5442
- CVE-2008-5443
- CVE-2008-5444
- CVE-2008-5445
- CVE-2008-5446
- CVE-2008-5447
- CVE-2008-5448
- CVE-2008-5449
- CVE-2008-5450
- CVE-2008-5451
- CVE-2008-5452
- CVE-2008-5454
- CVE-2008-5455
- CVE-2008-5456
- CVE-2008-5457
- CVE-2008-5458
- CVE-2008-5459
- CVE-2008-5460
- CVE-2008-5461
- CVE-2008-5462
- CVE-2008-5463
Source
Related Link
Share with