Oracle Products Multiple Vulnerabilities ( 16 July 2009 )
RISK: Medium Risk
Multiple vulnerabilities have been identified in various Oracle and BEA products, which could be exploited by remote or local attackers to cause a denial of service, read and manipulate certain data, disclose sensitive information, conduct SQL injection attacks, bypass security restrictions, or execute arbitrary commands.
These issues are caused by errors in the Network Foundation, Network Authentication, Advanced Replication, Config Management, Upgrade, Virtual Private Database, Listener, Secure Enterprise Search, Core RDBMS, Auditing, Oracle Secure Backup, Oracle Security Developer Tools, HTTP Server, Oracle Application Object Library, Application Install, Applications Framework, Oracle iStore, Oracle Applications Manager, Config Management, PeopleSoft Enterprise FMS, Enterprise Portal, Enterprise HRMS eProfile Manager, Highly Interactive Client, JRockit, Oracle Complex Event Processing, and WebLogic Server components.
System / Technologies affected
- Oracle Database 11g version 11.1.0.6
- Oracle Database 11g version 11.1.0.7
- Oracle Database 10g Release 2 version 10.2.0.3
- Oracle Database 10g Release 2 version 10.2.0.4
- Oracle Database 10g version 10.1.0.5
- Oracle Database 9i Release 2 version 9.2.0.8
- Oracle Database 9i Release 2 version 9.2.0.8DV
- Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
- Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.3.0
- Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.4.0
- Oracle Identity Management 10g, version 10.1.4.0.1
- Oracle Identity Management 10g, version 10.1.4.2.0
- Oracle Identity Management 10g, version 10.1.4.3.0
- Oracle E-Business Suite Release 12 version 12.1
- Oracle E-Business Suite Release 12 version 12.0.6
- Oracle E-Business Suite Release 11i version 11.5.10.2
- Oracle Enterprise Manager Database Control 11 version 11.1.0.6
- Oracle Enterprise Manager Database Control 11 version 11.1.0.7
- Oracle Enterprise Manager Grid Control 10g Release 4 version 10.2.0.4
- PeopleSoft Enterprise PeopleTools version 8.49
- PeopleSoft Enterprise HRMS version 8.9
- PeopleSoft Enterprise HRMS version 9.0
- Siebel Highly Interactive Client version 7.5.3
- Siebel Highly Interactive Client version 7.7.2
- Siebel Highly Interactive Client version 7.8
- Siebel Highly Interactive Client version 8.0
- Siebel Highly Interactive Client version 8.1
- Oracle WebLogic Server 10.3, 10.0MP1
- Oracle WebLogic Server 9.0 GA
- Oracle WebLogic Server 9.1 GA
- Oracle WebLogic Server 9.2 through 9.2 MP3
- Oracle WebLogic Server 8.1 through 8.1 SP6
- Oracle WebLogic Server 7.0 through 7.0 SP7
- Oracle Complex Event Processing 10.3
- Oracle WebLogic Event Server 2.0
- Oracle JRockit version R27.6.3 and prior (JDK/JRE 6, 5, 1.4.2)
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Apply Critical Patch Update Advisory - July 2009 :
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html
Vulnerability Identifier
- CVE-2009-0217
- CVE-2009-0987
- CVE-2009-1015
- CVE-2009-1019
- CVE-2009-1020
- CVE-2009-1021
- CVE-2009-1093
- CVE-2009-1094
- CVE-2009-1095
- CVE-2009-1097
- CVE-2009-1098
- CVE-2009-1099
- CVE-2009-1100
- CVE-2009-1101
- CVE-2009-1523
- CVE-2009-1963
- CVE-2009-1966
- CVE-2009-1967
- CVE-2009-1968
- CVE-2009-1969
- CVE-2009-1970
- CVE-2009-1973
- CVE-2009-1974
- CVE-2009-1975
- CVE-2009-1976
- CVE-2009-1977
- CVE-2009-1978
- CVE-2009-1980
- CVE-2009-1981
- CVE-2009-1982
- CVE-2009-1983
- CVE-2009-1984
- CVE-2009-1986
- CVE-2009-1987
- CVE-2009-1988
- CVE-2009-1989
Source
Related Link
Share with