SecurityTracker.com
Category:   Application (Generic)  >   Oracle Fusion Middleware
Vendors:   Oracle
Oracle Fusion Middleware Flaws Let Remote Users Execute Arbitrary Code, Access and Modify Data, and Deny Service
SecurityTracker Alert ID:  1024981
SecurityTracker URL:  http://securitytracker.com/id/1024981
CVE Reference:   CVE-2010-3510, CVE-2010-3588, CVE-2010-3591, CVE-2010-3592, CVE-2010-3595, CVE-2010-3597, CVE-2010-3598, CVE-2010-3599, CVE-2010-4416, CVE-2010-4417, CVE-2010-4425, CVE-2010-4427, CVE-2010-4437, CVE-2010-4453, CVE-2010-4455
Date:  Jan 19 2011
Impact:   Denial of service via local system, Denial of service via network, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   Multiple vulnerabilities were reported in Oracle Fusion Middleware. A remote user can execute arbitrary code on the target system. A remote user can cause denial of service conditions. A local user can cause denial of service conditions. A remote user can access and modify data.

The Oracle BI Publisher [CVE-2010-4425, CVE-2010-4427], Oracle Discoverer [CVE-2010-3588], Oracle Document Capture [CVE-2010-3591, CVE-2010-3592, CVE-2010-3595, CVE-2010-3598, CVE-2010-3599], Oracle GoldenGate Veridata [CVE-2010-4416], Oracle HTTP Server [CVE-2010-4455], Oracle JRockit [CVE-2010-3574], Oracle Outside In Technology [CVE-2010-3597], Oracle WebLogic Server [CVE-2010-3510, CVE-2010-4437, CVE-2010-4453], and Services for Beehive [CVE-2010-4417] components are affected.

The following researchers reported these and other Oracle vulnerabilities:

Alexander Kornbrust of Red Database Security; Alexandr Polyakov of Digital Security; Alexey Sintsov of Digital Security Research Group; Andrea Micalizzi aka rgod, working with TippingPoint's Zero Day Initiative; Andrey Labunets of Digital Security Research Group; Cris Neckar of Neohapsis, Inc.; Daniel Fahlgren; Esteban Martinez Fayo of Application Security, Inc.; Evdokimov Dmitriy of Digital Security Research Group; Karan Saberwal; Laszlo Toth; Maksymilian Arciemowicz of SecurityReason; Martin Rakhmanov of Application Security, Inc.; Matt Parcell of Accuvant; Monarch2020 of unsecurityresearch.com; Robert Clugston of Accuvant; Roberto Suggi Liverani of Security-Assessment.com; Rodrigo Rubira Branco (BSDaemon) via TippingPoint's Zero Day Initiative; and Sumit Siddharth from 7safe.

Impact:   A remote user can execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

A local user can cause partial denial of service conditions on the target system.

A remote user can access and modify data on the target system.

Solution:   The vendor has issued a fix, described in their January 2011 Critical Patch Update advisory.

The Oracle advisory is available at:

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

Vendor URL:  www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
Cause:   Not specified
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


Copyright 2014, SecurityGlobal.net LLC