Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   Oracle Secure Enterprise Search Vendors:   Oracle
Oracle Secure Enterprise Search Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1022565
SecurityTracker URL:
CVE Reference:   CVE-2009-1977, CVE-2009-1978   (Links to External Site)
Date:  Jul 15 2009
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to
Description:   Two vulnerabilities reported in Oracle Secure Enterprise Search. A remote user can execute arbitrary code on the target system.

One of the vulnerabilities requires authentication to exploit.

On Linux and UNIX based systems, the remote user can only partially affect confidentiality, availability, and integrity.

No other details were provided.

The Oracle Secure Backup component is affected.

The following researchers reported these and other Oracle vulnerabilities:

Anonymous of TippingPoint (3com); Esteban Martinez Fayo of Application Security, Inc.; Kowsik Guruswamy of Mu Security; Joxean Koret; Alexander Kornbrust of Red Database Security; David Litchfield of NGS Software; Oleg P. of HSC Security Portal; Alexandr Polyakov of Digital Security; noderat ratty; and Dennis Yurichev.

Impact:   A remote user can execute arbitrary code on the target system.
Solution:   The vendor has issued a fix (, described in their July 2009 Critical Patch Update advisory.

The Oracle advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Not specified
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (2000), Windows (2003), Windows (XP)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC