Category:   Application (Database)  >   Oracle Database
Vendors:   Oracle
Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact
SecurityTracker Alert ID:  1017927
SecurityTracker URL:  http://securitytracker.com/id/1017927
CVE Reference:   CVE-2007-2108, CVE-2007-2109, CVE-2007-2110, CVE-2007-2111, CVE-2007-2112, CVE-2007-2113, CVE-2007-2114, CVE-2007-2115, CVE-2007-2116, CVE-2007-2117, CVE-2007-2118, CVE-2007-2119, CVE-2007-2120, CVE-2007-2121, CVE-2007-2122, CVE-2007-2123, CVE-2007-2124, CVE-2007-2125, CVE-2007-2126, CVE-2007-2127, CVE-2007-2128, CVE-2007-2129, CVE-2007-2130, CVE-2007-2131, CVE-2007-2132, CVE-2007-2133, CVE-2007-2134
Updated:  May 14 2008
Original Entry Date:  Apr 17 2007
Impact:   Not specified
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9i, 10g
Description:   Numerous vulnerabilities were reported in Oracle Database and other Oracle products. The impact was not specified by the vendor.

Oracle released their Critical Patch Update for April 2007, addressing numerous vulnerabilities in Oracle Database, Oracle Secure Enterprise Search, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle PeopleSoft Enterprise PeopleTools, Oracle PeopleSoft Enterprise Human Capital Management, JD Edwards EnterpriseOne Tools, and JD Edwards OneWorld Tools.

The following product versions are affected:

* Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3
* Oracle Database 10g Release 1, versions 10.1.0.4, 10.1.0.5
* Oracle9i Database Release 2, versions 9.2.0.7, 9.2.0.8
* Oracle Secure Enterprise Search 10g Release 1, version 10.1.8
* Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.0.0, 10.1.3.1.0, 10.1.3.2.0
* Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.1 - 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0
* Oracle Application Server 10g (9.0.4), version 9.0.4.3
* Oracle10g Collaboration Suite Release 1, version 10.1.2
* Oracle E-Business Suite Release 11i, versions 11.5.7 - 11.5.10 CU2
* Oracle E-Business Suite Release 12, version 12.0.0
* Oracle Enterprise Manager 9i Release 2, versions 9.2.0.7, 9.2.0.8
* Oracle Enterprise Manager 9i, version 9.0.1.5
* Oracle PeopleSoft Enterprise PeopleTools versions 8.22, 8.47, 8.48
* Oracle PeopleSoft Enterprise Human Capital Management version 8.9
* JD Edwards EnterpriseOne Tools version 8.96
* JD Edwards OneWorld Tools SP23
* Oracle9i Database Release 1, versions 9.0.1.5, 9.0.1.5 FIPS
* Oracle9i Database Release 2, versions 9.2.0.5
* Oracle Database 10g Release 2, version 10.2.0.1

Oracle has provided no specifics regarding the nature of these vulnerabilities.

Oracle Database products contain 17 vulnerabilities, three of which can be exploited by remote users without authentication. Two vulnerabilities apply to Oracle Database client-only installations (that do not have the Oracle Database installed).

The affected Database components include: Advanced Queuing, Advanced Replication, Authentication, Change Data Capture (CDC), Core RDBMS, Oracle Agent, Oracle Instant Client, Oracle Streams, Oracle Text, Oracle Workflow Cartridge, Rules Manager, Expression Filter, Ultra Search, and Upgrade/Downgrade.

Oracle Application Server contains seven vulnerabilities, two of which can be exploited by remote users without authentication.

Oracle Collaboration Suite contains two vulnerabilities. None can be exploited remotely without authentication.

Oracle E-Business Suite contains 11 vulnerabilities, two of which can be exploited by remote users without authentication.

Oracle Enterprise Manager contains two vulnerabilities, both of which can be exploited by remote users without authentication.

Oracle PeopleSoft Enterprise contains four vulnerabilities (two for PeopleTools, one for PeopleSoft Enterprise Human Capital Management, and one for JD Edwards EnterpriseOne and JD Edwards OneWorld Tools). None can be exploited remotely without authentication.

Oracle has provided the following maximum CVSS base scores:

* Oracle Database: 7.0
* Oracle Application Server: 4.2
* Oracle Collaboration Suite: 1.4
* Oracle E-Business Suite: 4.2
* Oracle Enterprise Manager: 2.3
* Oracle PeopleSoft Enterprise: 2.4

Oracle credits the following individuals and organizations with reporting these vulnerabilities:

Vicente Aguilera Diaz of Internet Security Auditors, S.L.; Gerhard Eschelbeck of Qualys, Inc.; Esteban Martinez Fayo of Application Security, Inc.; Joxean Koret; Alexander Kornbrust of Red Database Security GmbH; David Litchfield and Paul M. Wright of Next Generation Security Software Ltd.; noderat ratty; and TippingPoint's Zero Day Initiative.

Impact:   The impact was not specified by the vendor.
Solution:   The vendor has issued a fix, described in their April 2007 Critical Patch Update advisory at:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html

Vendor URL:  www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 12 2007 (IBM Issues Fix for Tivoli Compliance Insight Manager) Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact
IBM has issued a fix for Tivoli Compliance Insight Manager.


