Vulnerability-Lookup

CVE-2009-1009 (GCVE-0-2009-1009)

Vulnerability from cvelistv5 – Published: 2009-04-15 10:00 – Updated: 2024-08-07 04:57

Summary

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.

Severity

No CVSS data available.

CWE

Assigner

oracle

References

7 references

URL	Tags
http://www.securitytracker.com/id?1022055	vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/34461	vdb-entryx_refsource_BID
http://osvdb.org/53748	vdb-entryx_refsource_OSVDB
http://secunia.com/advisories/34693	third-party-advisoryx_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
http://www.us-cert.gov/cas/techalerts/TA09-105A.html	third-party-advisoryx_refsource_CERT
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM

Date Public

2009-04-14 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:57:17.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022055",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022055"
          },
          {
            "name": "34461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34461"
          },
          {
            "name": "53748",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53748"
          },
          {
            "name": "34693",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
          },
          {
            "name": "TA09-105A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-08T23:57:01.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "1022055",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022055"
        },
        {
          "name": "34461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34461"
        },
        {
          "name": "53748",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53748"
        },
        {
          "name": "34693",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
        },
        {
          "name": "TA09-105A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2009-1009",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022055",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022055"
            },
            {
              "name": "34461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34461"
            },
            {
              "name": "53748",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53748"
            },
            {
              "name": "34693",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/34693"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
            },
            {
              "name": "TA09-105A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2009-1009",
    "datePublished": "2009-04-15T10:00:00.000Z",
    "dateReserved": "2009-03-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:57:17.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2009-1009",
      "date": "2026-06-04",
      "epss": "0.00096",
      "percentile": "0.26475"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_server:8.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D12B2DE-9584-4644-9A4E-6A627EF61D6D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C753E1B-D81B-4995-877E-58EDD6F49DDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"092F8012-A1EE-46CE-B2B2-0604BF4ACBBA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E618064A-3D05-4DC6-9A47-0EDF2427642F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F1964FC-672F-4139-938F-A8EF9D86D9C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D303B0B9-CDAB-409B-AE44-512D4791C36F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C90EF7A4-8181-42C3-BB95-395D0DD94C14\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server v8.1.9 que permite a los usuarios locales afectar a la confidencialidad, integridad y disponibilidad en relaci\\u00f3n a HTML.\"}]",
      "id": "CVE-2009-1009",
      "lastModified": "2024-11-21T01:01:27.220",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-04-15T10:30:00.967",
      "references": "[{\"url\": \"http://osvdb.org/53748\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/34693\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34461\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1022055\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://osvdb.org/53748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://secunia.com/advisories/34693\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/34461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id?1022055\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1009\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2009-04-15T10:30:00.967\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server v8.1.9 que permite a los usuarios locales afectar a la confidencialidad, integridad y disponibilidad en relaci\u00f3n a HTML.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:8.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D12B2DE-9584-4644-9A4E-6A627EF61D6D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C753E1B-D81B-4995-877E-58EDD6F49DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"092F8012-A1EE-46CE-B2B2-0604BF4ACBBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E618064A-3D05-4DC6-9A47-0EDF2427642F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F1964FC-672F-4139-938F-A8EF9D86D9C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D303B0B9-CDAB-409B-AE44-512D4791C36F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C90EF7A4-8181-42C3-BB95-395D0DD94C14\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/53748\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/34693\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34461\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1022055\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://osvdb.org/53748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/34693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/34461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1022055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

CERTA-2009-AVI-154

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Oracle. L'exploitation de ces vulnérabilités permet de réaliser diverses actions malveillantes, dont l'exécution de code arbitraire à distance.

Description

Un grand nombre de vulnérabilités a été découvert dans les produits Oracle :

Oracle Database ;
Oracle Application Server ;
Oracle Collaboration Suite ;
Beehive Collaboration Suite ;
Oracle Enterprise Manager ;
Oracle E-Business Suite et Application ;
Oracle PoepleSoft Enterprise ;
JD Edwards EnterpriseOne ;
Oracle Siebel Enterprise ;
Oracle Weblogic Server, Portal, Data Service ;
Oracle Data Service Integrator ;
AquaLogic Data Services Platform;
JRockit.

L'exploitation de ces vulnérabilités permet de réaliser diverses actions malveillantes, dont l'exécution de code arbitraire à distance pour certaines.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Weblogic	Oracle WebLogic Server version 10.3 ;
Oracle	N/A	Oracle E-Business Suite Release 12, version 12.0.6 ;
Oracle	N/A	Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;
Oracle	N/A	Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions antérieures.
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	N/A	Oracle Database 10g, version 10.1.0.5 ;
Oracle	PeopleSoft	PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;
Oracle	Weblogic	Oracle WebLogic Portal versions 8.1 à 8.1 SP6 ;
Oracle	N/A	Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;
Oracle	N/A	Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;
Oracle	N/A	Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;
Oracle	Weblogic	Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu'à la version 9.2 MP3 ;
Oracle	Weblogic	Oracle WebLogic Server versions 7.0 à 7.0 SP7 ;
Oracle	N/A	Oracle Data Service Integrator versions 10.3.0 ;
Oracle	N/A	Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;
Oracle	N/A	Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;
Oracle	PeopleSoft	PeopleSoft Enterprise PeopleTools version 8.49 ;
Oracle	N/A	Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;
Oracle	Weblogic	Oracle WebLogic Server versions 8.1 à 8.1 SP6 ;

References

Title

Publication Time

CERTA-2009-AVI-154

Vulnerability from certfr_avis - Published: - Updated:

Description

Un grand nombre de vulnérabilités a été découvert dans les produits Oracle :

Oracle Database ;
Oracle Application Server ;
Oracle Collaboration Suite ;
Beehive Collaboration Suite ;
Oracle Enterprise Manager ;
Oracle E-Business Suite et Application ;
Oracle PoepleSoft Enterprise ;
JD Edwards EnterpriseOne ;
Oracle Siebel Enterprise ;
Oracle Weblogic Server, Portal, Data Service ;
Oracle Data Service Integrator ;
AquaLogic Data Services Platform;
JRockit.

L'exploitation de ces vulnérabilités permet de réaliser diverses actions malveillantes, dont l'exécution de code arbitraire à distance pour certaines.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Weblogic	Oracle WebLogic Server version 10.3 ;
Oracle	N/A	Oracle E-Business Suite Release 12, version 12.0.6 ;
Oracle	N/A	Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;
Oracle	N/A	Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions antérieures.
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	N/A	Oracle Database 10g, version 10.1.0.5 ;
Oracle	PeopleSoft	PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;
Oracle	Weblogic	Oracle WebLogic Portal versions 8.1 à 8.1 SP6 ;
Oracle	N/A	Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;
Oracle	N/A	Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;
Oracle	N/A	Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;
Oracle	Weblogic	Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu'à la version 9.2 MP3 ;
Oracle	Weblogic	Oracle WebLogic Server versions 7.0 à 7.0 SP7 ;
Oracle	N/A	Oracle Data Service Integrator versions 10.3.0 ;
Oracle	N/A	Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;
Oracle	N/A	Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;
Oracle	PeopleSoft	PeopleSoft Enterprise PeopleTools version 8.49 ;
Oracle	N/A	Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;
Oracle	Weblogic	Oracle WebLogic Server versions 8.1 à 8.1 SP6 ;

References

Title

Publication Time

FKIE_CVE-2009-1009

Vulnerability from fkie_nvd - Published: 2009-04-15 10:30 - Updated: 2026-04-23 00:35

Severity

Summary

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.

References

URL	Tags
secalert_us@oracle.com	http://osvdb.org/53748	Broken Link
secalert_us@oracle.com	http://secunia.com/advisories/34693	Permissions Required
secalert_us@oracle.com	http://www-01.ibm.com/support/docview.wss?uid=swg21660640	Third Party Advisory
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html	Third Party Advisory
secalert_us@oracle.com	http://www.securityfocus.com/bid/34461	Third Party Advisory, VDB Entry
secalert_us@oracle.com	http://www.securitytracker.com/id?1022055	Third Party Advisory, VDB Entry
secalert_us@oracle.com	http://www.us-cert.gov/cas/techalerts/TA09-105A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53748	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/34693	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21660640	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34461	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022055	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-105A.html	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
oracle	application_server	8.1.9
ibm	websphere_portal	6.0.0.0
ibm	websphere_portal	6.0.1.0
ibm	websphere_portal	6.1.0.0
ibm	websphere_portal	6.1.5.0
ibm	websphere_portal	7.0.0.0
ibm	websphere_portal	8.0.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_server:8.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D12B2DE-9584-4644-9A4E-6A627EF61D6D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C753E1B-D81B-4995-877E-58EDD6F49DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "092F8012-A1EE-46CE-B2B2-0604BF4ACBBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E618064A-3D05-4DC6-9A47-0EDF2427642F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F1964FC-672F-4139-938F-A8EF9D86D9C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D303B0B9-CDAB-409B-AE44-512D4791C36F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C90EF7A4-8181-42C3-BB95-395D0DD94C14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el componente Outside In Technology en Oracle Application Server v8.1.9 que permite a los usuarios locales afectar a la confidencialidad, integridad y disponibilidad en relaci\u00f3n a HTML."
    }
  ],
  "id": "CVE-2009-1009",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-15T10:30:00.967",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/53748"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/34693"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/34461"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1022055"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/53748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://secunia.com/advisories/34693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/34461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1022055"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-W5RC-CMV9-6H7M

Vulnerability from github – Published: 2022-05-02 03:20 – Updated: 2022-05-02 03:20

Details

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1009"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-15T10:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.",
  "id": "GHSA-w5rc-cmv9-6h7m",
  "modified": "2022-05-02T03:20:50Z",
  "published": "2022-05-02T03:20:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1009"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53748"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/34693"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34461"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022055"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2009-1009

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.

Aliases

CVE-2009-1009

Aliases

CVE-2009-1009

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1009",
    "description": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.",
    "id": "GSD-2009-1009"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1009"
      ],
      "details": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML.",
      "id": "GSD-2009-1009",
      "modified": "2023-12-13T01:19:47.764175Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2009-1009",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1022055",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022055"
          },
          {
            "name": "34461",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34461"
          },
          {
            "name": "53748",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53748"
          },
          {
            "name": "34693",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/34693"
          },
          {
            "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
            "refsource": "CONFIRM",
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
          },
          {
            "name": "TA09-105A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2009-1009"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-105A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
            },
            {
              "name": "1022055",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id?1022055"
            },
            {
              "name": "34693",
              "refsource": "SECUNIA",
              "tags": [
                "Permissions Required"
              ],
              "url": "http://secunia.com/advisories/34693"
            },
            {
              "name": "53748",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/53748"
            },
            {
              "name": "34461",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/34461"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-11-18T15:22Z",
      "publishedDate": "2009-04-15T10:30Z"
    }
  }
}

VAR-200904-0429

Vulnerability from variot - Updated: 2023-12-18 10:59

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. An attacker can exploit these issue by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. NOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------

Are you missing:

SECUNIA ADVISORY ID:

Critical:

Impact:

Where:

within the advisory below?

This is now part of the Secunia commercial solutions.

For more information see vulnerability #6 through #9 in: SA34693

SOLUTION: The vendor recommends to delete the GdFileConv.exe file. See vendor's advisory for additional details. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

iDefense Security Advisory 05.14.09 http://labs.idefense.com/intelligence/vulnerabilities/ May 14, 2009

I. BACKGROUND

Oracle Corp.'s Outside In Technology is a document conversion engine supporting a large number of binary file formats. Prior to Oracle's acquisition, the software was maintained by Stellent Inc. The software appears to have originated from "QuickView" for Windows 98, but later spun off. It is used by various software packages, one of which is Motorola Inc.'s Good Mobile Messaging Server. For more information, visit the vendors' sites at the URLs provided below.

http://www.oracle.com/technology/products/content-management/oit/oit_all.html

http://www.good.com/corp/index.php

II. DESCRIPTION

Remote exploitation of multiple buffer overflow vulnerabilities in Oracle Corp.'s Outside In Technology, as included in various vendors' software distributions, allow attackers to execute arbitrary code.

Two vulnerabilities exist due to a lack of bounds checking when processing specially crafted Microsoft Excel spreadsheet files. The two issues exist in two distinct functions. The two vulnerabilities are nearly identical, with the differentiating factor being the value of a flag bit within a record of the file. If the bit is set, the code path to the first vulnerable function is taken. Otherwise, the code path to the second vulnerable function is taken.

The cause of the vulnerability is the same in each case. An array of structures, stored on the stack, is manipulated in a loop without validating the bounds of the array. By crafting a file containing a properly malformed record, it is possible to write outside the bounds of this array. The resulting stack corruption can lead to arbitrary code execution.

III. ANALYSIS

Exploitation of these vulnerabilities allows attackers to execute arbitrary code. In order to exploit these vulnerabilities, the attacker must somehow supply a malformed document to an application that will process the document with Outside In Technology. Likewise, the privileges gained will also depend on the software using the library.

In the case of Good Mobile Messaging Server, an attacker can send an electronic mail message with an Excel spreadsheet attachment to a user. When the user chooses to view the spreadsheet, the vulnerable condition will be triggered. Upon successful exploitation, the attacker will gain the privileges of the "GoodAdmin" user. This is a special user account which, in some configurations, may be a member of the "Administrator" group. Regardless of the user's "Administrator" status, the user will always have full privileges to "Read" and "Send As" all users on the Microsoft Exchange server. This could allow an attacker to conduct further social engineering attacks.

Other software packages using Outside In were not investigated.

IV. DETECTION

iDefense confirmed the existence of these vulnerabilities using the follow versions of Outside In on Windows Server 2003 SP2.

8.1.5.4282 8.1.9.4417 8.2.2.4866 8.3.0.5129

Additionally the following versions of Good Mobile Messaging Server for Exchange ship with vulnerable versions of vsxl5.dll.

4.9.3.41 5.0.4.28 6.0.0.106

All versions of Outside In, including versions for operating systems other than Windows, are assumed to be vulnerable. Additionally, all software that includes or uses Outside In is assumed to be vulnerable. Earlier versions, including those branded with other names, are vulnerable as well.

V. WORKAROUND

In order to prevent exploitation of this vulnerability, iDefense recommends using file system access control lists (ACLs) to prevent reading the affected module.

For Good Mobile Messaging Server, Good Software recommends deleting the GdFileConv.exe file and restarting the Messaging Server.

VI. VENDOR RESPONSE

Oracle has released a patch which addresses this issue. For more information, consult their advisory at the following URL:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

Good Technology has released a patch which addresses this issue. For more information, consult their advisory at the following URL:

http://www.good.com/faq/18431.html

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2009-1009 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems.

VIII. DISCLOSURE TIMELINE

01/30/2009 - GoodLink contact identified 01/30/2009 - Security contact research begins 02/05/2009 - Oracle contact identified 02/09/2009 - Initial Oracle Reply 02/09/2009 - Initial Vendor Notification 02/10/2009 - Initial GoodLink Reply 02/11/2009 - Oracle validation 02/16/2009 - GoodLink customer alert sent 02/16/2009 - GoodLink validation 02/19/2009 - Oracle requests PoC 02/19/2009 - PoC sent to Oracle 02/25/2009 - GoodLink status update 02/27/2009 - Oracle status update 03/06/2009 - GoodLink status update 04/14/2009 - Oracle patch released 05/13/2009 - CVE Corelation requested from Oracle 05/14/2009 - Coordinated Public Disclosure 05/14/2009 - GoodLink ready for disclosure coordinated with iDefense

IX. CREDIT

This vulnerability was discovered by Joshua J. Drake, iDefense Labs.

Get paid for vulnerability research http://labs.idefense.com/methodology/vulnerability/vcp.php

Free tools, research and upcoming events http://labs.idefense.com/

X. LEGAL NOTICES

Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDefense. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please e-mail customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKDc+jbjs6HoxIfBkRAvY9AJ9WjWSDZK8tmiaAo5tLkrRZrDDscwCeJ8qk 0aG0K5EpST6rBQF7jgOIhC8= =94Xc -----END PGP SIGNATURE-----

Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .

I. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2009 by US-CERT, a government organization. Upon entering the vulnerable function, data is copied from a heap buffer into a stack buffer without ensuring that the data will fit.

It is interesting to note that this vulnerability was fixed some time between the release of version 8.1.5 and version 8.1.9. No public record exists documenting the existence of this vulnerability.

iDefense confirmed that the following versions are not affected:

8.1.9.4417 (shipped with GMMS 5.0.4.28 and GMMS 6.0.0.106) 8.2.2.4866 8.3.0.5129

V. ----------------------------------------------------------------------

Secunia is pleased to announce the release of the annual Secunia report for 2008. Some have unknown impacts, others can be exploited by malicious users to conduct SQL injection attacks or disclose sensitive information, and by malicious people compromise a vulnerable system.

1) A format string error exists within the Oracle Process Manager and Notification (opmn) daemon, which can be exploited to execute arbitrary code via a specially crafted POST request to port 6000/TCP.

2) Input passed to the "DBMS_AQIN" package is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) An error in the Application Express component included in Oracle Database can be exploited by unprivileged database users to disclose APEX password hashes in "LOWS_030000.WWV_FLOW_USER".

The remaining vulnerabilities are caused due to unspecified errors.

PROVIDED AND/OR DISCOVERED BY: 1) Joxean Koret of TippingPoint 2, 3) Alexander Kornbrust of Red Database Security

The vendor also credits: * Joshua J. * Esteban Martinez Fayo of Application Security, Inc. * Franz Huell of Red Database Security; * Mike Janowski of Neohapsis, Inc. * Joxean Koret * David Litchfield of NGS Software * Tanel Poder * Sven Vetter of Trivadis * Dennis Yurichev

ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-017/

Red Database Security: http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html http://www.red-database-security.com/advisory/apex_password_hashes.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0429",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application server",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "oracle",
        "version": "8.1.9"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "8.0.0.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "6.1.0.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "6.0.0.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "7.0.0.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "6.1.5.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ibm",
        "version": "6.0.1.0"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "websphere portal",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.0"
      },
      {
        "model": "websphere portal",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1.5"
      },
      {
        "model": "websphere portal",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1.0"
      },
      {
        "model": "websphere portal",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1.5.3 cf27"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0.0.2 cf25"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "8.0.0.1 cf08"
      },
      {
        "model": "websphere portal",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1.0.6 cf27"
      },
      {
        "model": "websphere portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.0.1"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      },
      {
        "model": "outside in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3.0.5129"
      },
      {
        "model": "outside in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2.4866"
      },
      {
        "model": "outside in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.9.4417"
      },
      {
        "model": "outside in",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.1.5.4282"
      },
      {
        "model": "mobile messaging server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "good",
        "version": "6.0.0.106"
      },
      {
        "model": "mobile messaging server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "good",
        "version": "5.0.4.28"
      },
      {
        "model": "mobile messaging server for exchange",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "good",
        "version": "4.9.3.41"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "BID",
        "id": "34994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:8.1.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ibm:websphere_portal:6.0.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1009",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2009-1009",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1009",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-326",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. Oracle Outside In is prone to multiple buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input. \nAn attacker can exploit these issue by tricking a victim into opening a specially crafted file with an application using the affected library. Successful exploits will allow arbitrary code to run in the context of the user running the affected application. \nNOTE: These issues were previously covered in BID 34461 (Oracle April 2009 Critical Patch Update Multiple Vulnerabilities), but have been given their own record to better document them. ----------------------------------------------------------------------\n\nAre you missing:\n\nSECUNIA ADVISORY ID:\n\nCritical:\n\nImpact:\n\nWhere:\n\nwithin the advisory below?\n\nThis is now part of the Secunia commercial solutions. \n\nFor more information see vulnerability #6 through #9 in:\nSA34693\n\nSOLUTION:\nThe vendor recommends to delete the GdFileConv.exe file. See vendor\u0027s\nadvisory for additional details. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\niDefense Security Advisory 05.14.09\nhttp://labs.idefense.com/intelligence/vulnerabilities/\nMay 14, 2009\n\nI. BACKGROUND\n\nOracle Corp.\u0027s Outside In Technology is a document conversion engine\nsupporting a large number of binary file formats. Prior to Oracle\u0027s\nacquisition, the software was maintained by Stellent Inc. The software\nappears to have originated from \"QuickView\" for Windows 98, but later\nspun off. It is used by various software packages, one of which is\nMotorola Inc.\u0027s Good Mobile Messaging Server. For more information,\nvisit the vendors\u0027 sites at the URLs provided below. \n\nhttp://www.oracle.com/technology/products/content-management/oit/oit_all.html\n\nhttp://www.good.com/corp/index.php\n\nII. DESCRIPTION\n\nRemote exploitation of multiple buffer overflow vulnerabilities in\nOracle Corp.\u0027s Outside In Technology, as included in various vendors\u0027\nsoftware distributions, allow attackers to execute arbitrary code. \n\nTwo vulnerabilities exist due to a lack of bounds checking when\nprocessing specially crafted Microsoft Excel spreadsheet files. The two\nissues exist in two distinct functions. The two vulnerabilities are\nnearly identical, with the differentiating factor being the value of a\nflag bit within a record of the file. If the bit is set, the code path\nto the first vulnerable function is taken. Otherwise, the code path to\nthe second vulnerable function is taken. \n\nThe cause of the vulnerability is the same in each case. An array of\nstructures, stored on the stack, is manipulated in a loop without\nvalidating the bounds of the array. By crafting a file containing a\nproperly malformed record, it is possible to write outside the bounds\nof this array. The resulting stack corruption can lead to arbitrary\ncode execution. \n\nIII. ANALYSIS\n\nExploitation of these vulnerabilities allows attackers to execute\narbitrary code. In order to exploit these vulnerabilities, the attacker\nmust somehow supply a malformed document to an application that will\nprocess the document with Outside In Technology. Likewise, the\nprivileges gained will also depend on the software using the library. \n\nIn the case of Good Mobile Messaging Server, an attacker can send an\nelectronic mail message with an Excel spreadsheet attachment to a user. \nWhen the user chooses to view the spreadsheet, the vulnerable condition\nwill be triggered. Upon successful exploitation, the attacker will gain\nthe privileges of the \"GoodAdmin\" user. This is a special user account\nwhich, in some configurations, may be a member of the \"Administrator\"\ngroup. Regardless of the user\u0027s \"Administrator\" status, the user will\nalways have full privileges to \"Read\" and \"Send As\" all users on the\nMicrosoft Exchange server. This could allow an attacker to conduct\nfurther social engineering attacks. \n\nOther software packages using Outside In were not investigated. \n\nIV. DETECTION\n\niDefense confirmed the existence of these vulnerabilities using the\nfollow versions of Outside In on Windows Server 2003 SP2. \n\n  8.1.5.4282\n  8.1.9.4417\n  8.2.2.4866\n  8.3.0.5129\n\nAdditionally the following versions of Good Mobile Messaging Server for\nExchange ship with vulnerable versions of vsxl5.dll. \n\n  4.9.3.41\n  5.0.4.28\n  6.0.0.106\n\nAll versions of Outside In, including versions for operating systems\nother than Windows, are assumed to be vulnerable. Additionally, all\nsoftware that includes or uses Outside In is assumed to be vulnerable. \nEarlier versions, including those branded with other names, are\nvulnerable as well. \n\nV. WORKAROUND\n\nIn order to prevent exploitation of this vulnerability, iDefense\nrecommends using file system access control lists (ACLs) to prevent\nreading the affected module. \n\nFor Good Mobile Messaging Server, Good Software recommends deleting the\nGdFileConv.exe file and restarting the Messaging Server. \n\nVI. VENDOR RESPONSE\n\nOracle has released a patch which addresses this issue. For more\ninformation, consult their advisory at the following URL:\n\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nGood Technology has released a patch which addresses this issue. For\nmore information, consult their advisory at the following URL:\n\nhttp://www.good.com/faq/18431.html\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2009-1009 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n01/30/2009  - GoodLink contact identified\n01/30/2009  - Security contact research begins\n02/05/2009  - Oracle contact identified\n02/09/2009  - Initial Oracle Reply\n02/09/2009  - Initial Vendor Notification\n02/10/2009  - Initial GoodLink Reply\n02/11/2009  - Oracle validation\n02/16/2009  - GoodLink customer alert sent\n02/16/2009  - GoodLink validation\n02/19/2009  - Oracle requests PoC\n02/19/2009  - PoC sent to Oracle\n02/25/2009  - GoodLink status update\n02/27/2009  - Oracle status update\n03/06/2009  - GoodLink status update\n04/14/2009  - Oracle patch released\n05/13/2009  - CVE Corelation requested from Oracle\n05/14/2009  - Coordinated Public Disclosure\n05/14/2009  - GoodLink ready for disclosure coordinated with iDefense\n\nIX. CREDIT\n\nThis vulnerability was discovered by Joshua J. Drake, iDefense Labs. \n\nGet paid for vulnerability research\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com/\n\nX. LEGAL NOTICES\n\nCopyright \\xa9 2009 iDefense, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDefense. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically,\nplease e-mail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \n There are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct,\nindirect, or consequential loss or damage arising from use of, or\nreliance on, this information. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.7 (MingW32)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org\n\niD8DBQFKDc+jbjs6HoxIfBkRAvY9AJ9WjWSDZK8tmiaAo5tLkrRZrDDscwCeJ8qk\n0aG0K5EpST6rBQF7jgOIhC8=\n=94Xc\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n\nI. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. Upon\nentering the vulnerable function, data is copied from a heap buffer\ninto a stack buffer without ensuring that the data will fit. \n\nIt is interesting to note that this vulnerability was fixed some time\nbetween the release of version 8.1.5 and version 8.1.9. No public\nrecord exists documenting the existence of this vulnerability. \n\niDefense confirmed that the following versions are not affected:\n\n  8.1.9.4417 (shipped with GMMS 5.0.4.28 and GMMS 6.0.0.106)\n  8.2.2.4866\n  8.3.0.5129\n\nV. ----------------------------------------------------------------------\n\nSecunia is pleased to announce the release of the annual Secunia\nreport for 2008. \nSome have unknown impacts, others can be exploited by malicious users\nto conduct SQL injection attacks or disclose sensitive information,\nand by malicious people  compromise a vulnerable system. \n\n1) A format string error exists within the Oracle Process Manager and\nNotification (opmn) daemon, which can be exploited to execute\narbitrary code via a specially crafted POST request to port\n6000/TCP. \n\n2) Input passed to the \"DBMS_AQIN\" package is not properly sanitised\nbefore being used. This can be exploited to manipulate SQL queries by\ninjecting arbitrary SQL code. \n\n3) An error in the Application Express component included in Oracle\nDatabase can be exploited by unprivileged database users to disclose\nAPEX password hashes in \"LOWS_030000.WWV_FLOW_USER\". \n\nThe remaining vulnerabilities are caused due to unspecified errors. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) Joxean Koret of TippingPoint\n2, 3) Alexander Kornbrust of Red Database Security\n\nThe vendor also credits:\n* Joshua J. \n* Esteban Martinez Fayo of Application Security, Inc. \n* Franz Huell of Red Database Security;\n* Mike Janowski of Neohapsis, Inc. \n* Joxean Koret\n* David Litchfield of NGS Software\n* Tanel Poder\n* Sven Vetter of Trivadis\n* Dennis Yurichev\n\nORIGINAL ADVISORY:\nOracle:\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-017/\n\nRed Database Security:\nhttp://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html\nhttp://www.red-database-security.com/advisory/apex_password_hashes.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "BID",
        "id": "34994"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "77567"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "77566"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1009",
        "trust": 3.2
      },
      {
        "db": "SECUNIA",
        "id": "34693",
        "trust": 2.6
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "SECTRACK",
        "id": "1022055",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "53748",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1042",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-326",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.4
      },
      {
        "db": "BID",
        "id": "34994",
        "trust": 0.3
      },
      {
        "db": "SECUNIA",
        "id": "35135",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77574",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77567",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "77566",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "76704",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "BID",
        "id": "34994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "77567"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "77566"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ]
  },
  "id": "VAR-200904-0429",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T10:59:59.247000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cpuapr2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "title": "1660640",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
      },
      {
        "title": "1660774",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660774"
      },
      {
        "title": "090417_86",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
      },
      {
        "title": "TA09-105A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://osvdb.org/53748"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/34693"
      },
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/id?1022055"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 2.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1009"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-105a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1009"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2009/1042"
      },
      {
        "trust": 0.6,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.6,
        "url": "http://www.good.com/faq/18431.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.4,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.4,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=798"
      },
      {
        "trust": 0.4,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=801"
      },
      {
        "trust": 0.4,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=800"
      },
      {
        "trust": 0.4,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=799"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/503487"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/503622"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/503625"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/503624"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/34693/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://www.good.com/corp/index.php"
      },
      {
        "trust": 0.2,
        "url": "http://enigmail.mozdev.org"
      },
      {
        "trust": 0.2,
        "url": "http://cve.mitre.org/),"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.2,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/"
      },
      {
        "trust": 0.2,
        "url": "http://labs.idefense.com/methodology/vulnerability/vcp.php"
      },
      {
        "trust": 0.2,
        "url": "http://www.oracle.com/technology/products/content-management/oit/oit_all.html"
      },
      {
        "trust": 0.2,
        "url": "http://labs.idefense.com/"
      },
      {
        "trust": 0.2,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-1009"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/35135/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/business_solutions/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/try_vi/request_2008_report/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "BID",
        "id": "34994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "77567"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "77566"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "BID",
        "id": "34994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "db": "PACKETSTORM",
        "id": "77567"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "PACKETSTORM",
        "id": "77566"
      },
      {
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34994"
      },
      {
        "date": "2009-05-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "date": "2009-05-18T15:35:49",
        "db": "PACKETSTORM",
        "id": "77574"
      },
      {
        "date": "2009-05-16T18:48:21",
        "db": "PACKETSTORM",
        "id": "77567"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-05-16T18:46:42",
        "db": "PACKETSTORM",
        "id": "77566"
      },
      {
        "date": "2009-04-15T15:08:54",
        "db": "PACKETSTORM",
        "id": "76704"
      },
      {
        "date": "2009-04-15T10:30:00.967000",
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-19T19:20:00",
        "db": "BID",
        "id": "34994"
      },
      {
        "date": "2014-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      },
      {
        "date": "2016-11-18T15:22:20.277000",
        "db": "NVD",
        "id": "CVE-2009-1009"
      },
      {
        "date": "2009-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-326"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "BID",
        "id": "34994"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oracle Application Server of  Outside In Technology Component vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001239"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "BID",
        "id": "34994"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1009 (GCVE-0-2009-1009)

CERTA-2009-AVI-154

Description

Solution

CERTA-2009-AVI-154

Description

Solution

FKIE_CVE-2009-1009

GHSA-W5RC-CMV9-6H7M

GSD-2009-1009

VAR-200904-0429

Tags

Sightings

Nomenclature