CERTA-2009-AVI-154
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in Oracle products. Exploiting these vulnerabilities allows various malicious actions, including remote arbitrary code execution.
Description
A large number of vulnerabilities have been discovered in Oracle products:
- Oracle Database;
- Oracle Application Server;
- Oracle Collaboration Suite;
- Beehive Collaboration Suite;
- Oracle Enterprise Manager;
- Oracle E-Business Suite and Application;
- Oracle PeopleSoft Enterprise;
- JD Edwards EnterpriseOne;
- Oracle Siebel Enterprise;
- Oracle Weblogic Server, Portal, Data Service;
- Oracle Data Service Integrator;
- AquaLogic Data Services Platform;
- JRockit.
Exploiting these vulnerabilities allows various malicious actions, including, for some of them, remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Oracle | Weblogic | Oracle WebLogic Server version 10.3 |
| Oracle | N/A | Oracle E-Business Suite Release 12, version 12.0.6 |
| Oracle | N/A | Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV |
| Oracle | N/A | Oracle JRockit (formerly BEA JRockit) version R27.6.2 and earlier versions |
| Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2 |
| Oracle | N/A | Oracle Database 10g, version 10.1.0.5 |
| Oracle | PeopleSoft | PeopleSoft Enterprise HRMS versions 8.9 and 9.0 |
| Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4 |
| Oracle | Weblogic | Oracle WebLogic Portal versions 8.1 to 8.1 SP6 |
| Oracle | N/A | Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 and 10.1.3.4 |
| Oracle | N/A | Oracle Database 11g, versions 11.1.0.6 and 11.1.0.7 |
| Oracle | N/A | Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 |
| Oracle | Weblogic | Oracle WebLogic Server versions 9.0 GA, 9.1 GA and 9.2 up to version 9.2 MP3 |
| Oracle | Weblogic | Oracle WebLogic Server versions 7.0 to 7.0 SP7 |
| Oracle | N/A | Oracle Data Service Integrator version 10.3.0 |
| Oracle | N/A | Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 and 3.0 |
| Oracle | N/A | Oracle Outside In SDK HTML Export versions 8.2.2 and 8.3.0 |
| Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools version 8.49 |
| Oracle | N/A | Oracle XML Publisher versions 5.6.2, 10.1.3.2 and 10.1.3.2.1 |
| Oracle | Weblogic | Oracle WebLogic Server versions 8.1 to 8.1 SP6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server version 10.3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12, version 12.0.6 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g, version 10.1.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Portal versions 8.1 \u00e0 8.1 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu\u0027\u00e0 la version 9.2 MP3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 7.0 \u00e0 7.0 SP7 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Data Service Integrator versions 10.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise PeopleTools version 8.49 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 8.1 \u00e0 8.1 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 d\u00e9couvert dans les produits\nOracle :\n\n- Oracle Database ;\n- Oracle Application Server ;\n- Oracle Collaboration Suite ;\n- Beehive Collaboration Suite ;\n- Oracle Enterprise Manager ;\n- Oracle E-Business Suite et Application ;\n- Oracle PoepleSoft Enterprise ;\n- JD Edwards EnterpriseOne ;\n- Oracle Siebel Enterprise ;\n- Oracle Weblogic Server, Portal, Data Service ;\n- Oracle Data Service Integrator ;\n- AquaLogic Data Services Platform;\n- JRockit.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance pour\ncertaines.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1006"
},
{
"name": "CVE-2009-0991",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0991"
},
{
"name": "CVE-2009-0982",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0982"
},
{
"name": "CVE-2009-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0980"
},
{
"name": "CVE-2009-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0973"
},
{
"name": "CVE-2009-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0986"
},
{
"name": "CVE-2009-1004",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1004"
},
{
"name": "CVE-2009-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1000"
},
{
"name": "CVE-2009-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0995"
},
{
"name": "CVE-2009-0978",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0978"
},
{
"name": "CVE-2009-1003",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1003"
},
{
"name": "CVE-2009-1005",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1005"
},
{
"name": "CVE-2009-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0994"
},
{
"name": "CVE-2009-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1001"
},
{
"name": "CVE-2009-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1013"
},
{
"name": "CVE-2009-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0975"
},
{
"name": "CVE-2009-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0997"
},
{
"name": "CVE-2009-0993",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0993"
},
{
"name": "CVE-2009-1014",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1014"
},
{
"name": "CVE-2009-0972",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0972"
},
{
"name": "CVE-2009-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0992"
},
{
"name": "CVE-2009-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1010"
},
{
"name": "CVE-2009-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0999"
},
{
"name": "CVE-2009-0974",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0974"
},
{
"name": "CVE-2009-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0989"
},
{
"name": "CVE-2009-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0996"
},
{
"name": "CVE-2009-0977",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0977"
},
{
"name": "CVE-2009-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0985"
},
{
"name": "CVE-2009-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1008"
},
{
"name": "CVE-2009-0987",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0987"
},
{
"name": "CVE-2009-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1017"
},
{
"name": "CVE-2009-0984",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0984"
},
{
"name": "CVE-2009-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1002"
},
{
"name": "CVE-2009-0983",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0983"
},
{
"name": "CVE-2009-0976",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0976"
},
{
"name": "CVE-2009-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1016"
},
{
"name": "CVE-2009-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1011"
},
{
"name": "CVE-2009-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0988"
},
{
"name": "CVE-2009-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1012"
},
{
"name": "CVE-2009-0979",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0979"
},
{
"name": "CVE-2009-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0998"
},
{
"name": "CVE-2009-1009",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1009"
},
{
"name": "CVE-2009-0981",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0981"
},
{
"name": "CVE-2009-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0990"
}
],
"links": [],
"reference": "CERTA-2009-AVI-154",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses\nactions malveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 avril 2009",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
}
]
}