cvelistv5 - cve-2009-1012

CVE-2009-1012 (GCVE-0-2009-1012)

Vulnerability from cvelistv5 – Published: 2009-04-15 10:00 – Updated: 2024-08-07 04:57

Summary

Severity ?

No CVSS data available.

CWE

Assigner

oracle

References

URL

Tags

	http://www.securitytracker.com/id?1022059	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/34461	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.us-cert.gov/cas/techalerts/TA09-105A.html	third-party-advisoryx_refsource_CERT
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://secunia.com/secunia_research/2009-22/	x_refsource_MISC
	http://www.oracle.com/technology/deploy/security/…	x_refsource_CONFIRM
	http://osvdb.org/53765	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:57:17.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1022059",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022059"
          },
          {
            "name": "34461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34461"
          },
          {
            "name": "oracle-bea-http-bo(64935)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
          },
          {
            "name": "TA09-105A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2009-22/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
          },
          {
            "name": "53765",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53765"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "1022059",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022059"
        },
        {
          "name": "34461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34461"
        },
        {
          "name": "oracle-bea-http-bo(64935)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
        },
        {
          "name": "TA09-105A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2009-22/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
        },
        {
          "name": "53765",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53765"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2009-1012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1022059",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022059"
            },
            {
              "name": "34461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/34461"
            },
            {
              "name": "oracle-bea-http-bo(64935)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
            },
            {
              "name": "TA09-105A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-22/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2009-22/"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
            },
            {
              "name": "53765",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/53765"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2009-1012",
    "datePublished": "2009-04-15T10:00:00",
    "dateReserved": "2009-03-19T00:00:00",
    "dateUpdated": "2024-08-07T04:57:17.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*\", \"matchCriteriaId\": \"6859E096-4FA7-4797-B2D6-C5CE15D2078C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B8AB045-051A-477E-B2F7-4057826C43F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B5D9ABA-10EE-4EE2-9814-BDFBBE9A6014\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09215858-8A4F-4595-98DD-39027EC6CC1A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7390B6A-7944-4509-B499-5B51DB9BF42E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"193516AD-8096-4A6E-9C4B-4B9717DD7021\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B1C64BD-7C8C-4B28-9EA8-5198B6C71AD1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite v10.3, v10.0 MP1, v9.2 MP3, v9.1, v9.0, v8.1 SP6, y v7.0 SP7 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad, relacionada con IIS.\"}]",
      "id": "CVE-2009-1012",
      "lastModified": "2024-11-21T01:01:27.550",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-04-15T10:30:01.017",
      "references": "[{\"url\": \"http://osvdb.org/53765\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://secunia.com/secunia_research/2009-22/\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technology/deploy/security/wls-security/1012.html\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securityfocus.com/bid/34461\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.securitytracker.com/id?1022059\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64935\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://osvdb.org/53765\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/secunia_research/2009-22/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technology/deploy/security/wls-security/1012.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/34461\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1022059\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/64935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-1012\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2009-04-15T10:30:01.017\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite v10.3, v10.0 MP1, v9.2 MP3, v9.1, v9.0, v8.1 SP6, y v7.0 SP7 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad, relacionada con IIS.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*\",\"matchCriteriaId\":\"6859E096-4FA7-4797-B2D6-C5CE15D2078C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B8AB045-051A-477E-B2F7-4057826C43F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B5D9ABA-10EE-4EE2-9814-BDFBBE9A6014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09215858-8A4F-4595-98DD-39027EC6CC1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7390B6A-7944-4509-B499-5B51DB9BF42E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"193516AD-8096-4A6E-9C4B-4B9717DD7021\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B1C64BD-7C8C-4B28-9EA8-5198B6C71AD1\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/53765\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/secunia_research/2009-22/\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technology/deploy/security/wls-security/1012.html\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securityfocus.com/bid/34461\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.securitytracker.com/id?1022059\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64935\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://osvdb.org/53765\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/secunia_research/2009-22/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technology/deploy/security/wls-security/1012.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/34461\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1022059\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-105A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/64935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200904-0432

Vulnerability from variot - Updated: 2023-12-18 11:36

Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.

I. Description

The Oracle Critical Patch Update Advisory - April 2009 addresses 43 vulnerabilities in various Oracle products and components. The document provides information about affected components, access and authorization required for successful exploitation, and the impact from the vulnerabilities on data confidentiality, integrity, and availability.

Oracle has associated CVE identifiers with the vulnerabilities addressed in this Critical Patch Update. If significant additional details about vulnerabilities and remediation techniques become available, we will update the Vulnerability Notes Database.

II. Impact

The impact of these vulnerabilities varies depending on the product, component, and configuration of the system. Potential consequences include the execution of arbitrary code or commands, information disclosure, and denial of service. Vulnerable components may be available to unauthenticated, remote attackers. An attacker who compromises an Oracle database may be able to access sensitive information.

III. Solution

Apply the appropriate patches or upgrade as specified in the Oracle Critical Patch Update Advisory - April 2009. Note that this document only lists newly corrected issues. Updates to patches for previously known issues are not listed.

IV. References

Oracle Critical Patch Update Advisory - April 2009 - http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html
Critical Patch Updates and Security Alerts - http://www.oracle.com/technology/deploy/security/alerts.htm
Map of Public Vulnerability to Advisory/Alert - http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA09-105A.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA09-105A Feedback VU#955892" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2009 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

April 15, 2009: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4 2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do dsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM h6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy 11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU bsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw== =kziE -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200904-0432",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "oracle",
        "version": "9.1"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "8.1"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "10.0"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "oracle",
        "version": "7.0"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10.0 mp1"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "7.0 sp7"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "8.1 sp6"
      },
      {
        "model": "bea product suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "9.2 mp3"
      },
      {
        "model": "jrockit r27.1.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "5.6.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.01"
      },
      {
        "model": "systems weblogic portal sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle9i personal edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "peoplesoft enterprise peopletools",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.49"
      },
      {
        "model": "oracle11g standard edition one",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "data service integrator",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.3"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2.1"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2.3.0"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "oracle9i enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.06"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.1"
      },
      {
        "model": "systems weblogic portal sp6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "xml publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.2"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.11"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.13"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.04"
      },
      {
        "model": "oracle11g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.1.0.7"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.1"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "jrockit r27.6.2",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.07"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "systems weblogic portal sp5",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.3"
      },
      {
        "model": "systems weblogic portal sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "systems weblogic portal",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.1"
      },
      {
        "model": "systems weblogic server maintenance pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "oracle9i standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.13"
      },
      {
        "model": "oracle9i standard edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "oracle10g enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "oracle9i enterprise edition .8dv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2"
      },
      {
        "model": "oracle10g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.5"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.1"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.0"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.3.2"
      },
      {
        "model": "e-business suite 11i",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.5.10.2"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.12"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.15"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.05"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.16"
      },
      {
        "model": "systems weblogic server mp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "10.0"
      },
      {
        "model": "peoplesoft enterprise hrms",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.9"
      },
      {
        "model": "audit vault",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.3"
      },
      {
        "model": "jrockit r27.6.0",
        "scope": null,
        "trust": 0.3,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.02"
      },
      {
        "model": "systems weblogic portal sp4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.1"
      },
      {
        "model": "bi publisher",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.1.3.4"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "8.12"
      },
      {
        "model": "weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.3"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.11"
      },
      {
        "model": "e-business suite",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "12.0.6"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.3"
      },
      {
        "model": "oracle10g personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "10.2.0.4"
      },
      {
        "model": "oracle9i personal edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "9.2.8"
      },
      {
        "model": "oracle11g standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "11.16"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0.0.14"
      },
      {
        "model": "systems weblogic server sp",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.03"
      },
      {
        "model": "systems weblogic server sp7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "7.0"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.2"
      },
      {
        "model": "outside in sdk html export",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "8.2.2"
      },
      {
        "model": "aqualogic data services platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.2"
      },
      {
        "model": "systems weblogic server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bea",
        "version": "9.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Esteban Martinez Fayo Joxean Koret   joxeankoret@yahoo.es",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-1012",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-1012",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-1012",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200904-329",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow. Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:\nOracle Database\nOracle Audit Vault\nOracle Application Server\nOracle Outside In SDK HTML Export\nOracle XML Publisher\nOracle BI Publisher\nOracle E-Business Suite\nPeopleSoft Enterprise PeopleTools\nPeopleSoft Enterprise HRMS\nOracle WebLogic Server (formerly BEA WebLogic Server)\nOracle Data Service Integrator\nOracle AquaLogic Data Services Platform\nOracle JRockit. The impacts of these vulnerabilities include\n   remote execution of arbitrary code, information disclosure, and\n   denial of service. \n\n\nI. Description\n\n   The Oracle Critical Patch Update Advisory - April 2009 addresses 43\n   vulnerabilities in various Oracle products and components. The\n   document provides information about affected components, access and\n   authorization required for successful exploitation, and the impact\n   from the vulnerabilities on data confidentiality, integrity, and\n   availability. \n   \n   Oracle has associated CVE identifiers with the vulnerabilities\n   addressed in this Critical Patch Update. If significant additional\n   details about vulnerabilities and remediation techniques become\n   available, we will update the Vulnerability Notes Database. \n\n\nII. Impact\n\n   The impact of these vulnerabilities varies depending on the\n   product, component, and configuration of the system. Potential\n   consequences include the execution of arbitrary code or commands,\n   information disclosure, and denial of service. Vulnerable\n   components may be available to unauthenticated, remote attackers. \n   An attacker who compromises an Oracle database may be able to\n   access sensitive information. \n\n\nIII. Solution\n\n   Apply the appropriate patches or upgrade as specified in the Oracle\n   Critical Patch Update Advisory - April 2009. Note that this\n   document only lists newly corrected issues. Updates to patches for\n   previously known issues are not listed. \n\n\nIV. References\n\n * Oracle Critical Patch Update Advisory - April 2009 -\n   \u003chttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e\n\n * Critical Patch Updates and Security Alerts -\n   \u003chttp://www.oracle.com/technology/deploy/security/alerts.htm\u003e\n\n * Map of Public Vulnerability to Advisory/Alert -\n   \u003chttp://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e\n\n ____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA09-105A.html\u003e\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA09-105A Feedback VU#955892\" in\n   the subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2009 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\nRevision History\n  \n  April 15, 2009: Initial release\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBSeY3bnIHljM+H4irAQIWvAf/dUpbNet17XLIfzFwu5wwA5wNm0foqBk4\n2PYNO2+ENjlLwT2Rn0dx3xu/C1aPGVxw53EI7doWJubO/W9K2WgOrTs8k7iF65Do\ndsTWGPi36XzIh4KShJ8NVssNUUqSyyD1QvCXxtOOuKFXfGRRAZlYTGYgYl92QjXM\nh6j8KKFHqvUdCg4+F+qB3TryswLk0/b2Si2+HW1cWGWpSryKfzIAZv5s2HfvW1Iy\n11fssZkyR0lvalVs/YSmiO3fsZZ2yigVL5WOwTUGreWnjKH+k13ooror0x5sIcwU\nbsfgxHssykStG+UbhxPW8Me6hrEyWkYJoziykWWo+5pCqbwGeqgSYw==\n=kziE\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-1012",
        "trust": 2.7
      },
      {
        "db": "USCERT",
        "id": "TA09-105A",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "53765",
        "trust": 2.4
      },
      {
        "db": "SECTRACK",
        "id": "1022059",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "34461",
        "trust": 1.3
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-1042",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247",
        "trust": 0.8
      },
      {
        "db": "CERT/CC",
        "id": "TA09-105A",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329",
        "trust": 0.6
      },
      {
        "db": "ZDI",
        "id": "ZDI-09-017",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "76710",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ]
  },
  "id": "VAR-200904-0432",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.065972224
  },
  "last_update_date": "2023-12-18T11:36:27.160000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cpuapr2009",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "title": "1012",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "title": "090417_86",
        "trust": 0.8,
        "url": "http://www.oracle.com/technology/global/jp/security/090417_86/top.html"
      },
      {
        "title": "TA09-105A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta09-105a.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://osvdb.org/53765"
      },
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/id?1022059"
      },
      {
        "trust": 2.4,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html"
      },
      {
        "trust": 1.9,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
      },
      {
        "trust": 1.3,
        "url": "http://secunia.com/secunia_research/2009-22/"
      },
      {
        "trust": 1.2,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/bid/34461"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1012"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta09-105a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/jvntr-2009-11/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1012"
      },
      {
        "trust": 0.8,
        "url": "http://www.vupen.com/english/advisories/2009/1042"
      },
      {
        "trust": 0.3,
        "url": "http://secunia.com/secunia_research/2009-23/"
      },
      {
        "trust": 0.3,
        "url": "http://www.appsecinc.com/resources/alerts/oracle/2009-03.shtml"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502845"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502707"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502697"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502727"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502723"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/506160"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502724"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/502683"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-09-017/"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1003.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1004.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1005.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1006.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technology/deploy/security/wls-security/1016.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqadm_sys.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/oracle_sql_injection_dbms_aqin.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta09-105a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/alerts.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "34461"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-04-09T00:00:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "date": "2009-04-15T23:15:44",
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "date": "2009-04-15T10:30:01.017000",
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "date": "2009-04-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-09-01T16:22:00",
        "db": "BID",
        "id": "34461"
      },
      {
        "date": "2009-05-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      },
      {
        "date": "2017-08-17T01:30:08.973000",
        "db": "NVD",
        "id": "CVE-2009-1012"
      },
      {
        "date": "2011-07-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "76710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BEA Product Suite of  Apache Plug-ins and  IIS Web server vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-001247"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200904-329"
      }
    ],
    "trust": 0.6
  }
}

GHSA-7G8R-925J-VGFH

Vulnerability from github – Published: 2022-05-02 03:20 – Updated: 2025-04-09 04:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-1012"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-04-15T10:30:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.",
  "id": "GHSA-7g8r-925j-vgfh",
  "modified": "2025-04-09T04:08:20Z",
  "published": "2022-05-02T03:20:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1012"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/53765"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/secunia_research/2009-22"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/34461"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1022059"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-154

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Oracle. L'exploitation de ces vulnérabilités permet de réaliser diverses actions malveillantes, dont l'exécution de code arbitraire à distance.

Description

Un grand nombre de vulnérabilités a été découvert dans les produits Oracle :

Oracle Database ;
Oracle Application Server ;
Oracle Collaboration Suite ;
Beehive Collaboration Suite ;
Oracle Enterprise Manager ;
Oracle E-Business Suite et Application ;
Oracle PoepleSoft Enterprise ;
JD Edwards EnterpriseOne ;
Oracle Siebel Enterprise ;
Oracle Weblogic Server, Portal, Data Service ;
Oracle Data Service Integrator ;
AquaLogic Data Services Platform;
JRockit.

L'exploitation de ces vulnérabilités permet de réaliser diverses actions malveillantes, dont l'exécution de code arbitraire à distance pour certaines.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Weblogic	Oracle WebLogic Server version 10.3 ;
Oracle	N/A	Oracle E-Business Suite Release 12, version 12.0.6 ;
Oracle	N/A	Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;
Oracle	N/A	Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions antérieures.
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	N/A	Oracle Database 10g, version 10.1.0.5 ;
Oracle	PeopleSoft	PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;
Oracle	Weblogic	Oracle WebLogic Portal versions 8.1 à 8.1 SP6 ;
Oracle	N/A	Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;
Oracle	N/A	Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;
Oracle	N/A	Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;
Oracle	Weblogic	Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu'à la version 9.2 MP3 ;
Oracle	Weblogic	Oracle WebLogic Server versions 7.0 à 7.0 SP7 ;
Oracle	N/A	Oracle Data Service Integrator versions 10.3.0 ;
Oracle	N/A	Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;
Oracle	N/A	Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;
Oracle	PeopleSoft	PeopleSoft Enterprise PeopleTools version 8.49 ;
Oracle	N/A	Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;
Oracle	Weblogic	Oracle WebLogic Server versions 8.1 à 8.1 SP6 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 14 avril 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle WebLogic Server version 10.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, version 12.0.6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Portal versions 8.1 \u00e0 8.1 SP6 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu\u0027\u00e0 la version 9.2 MP3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 7.0 \u00e0 7.0 SP7 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Data Service Integrator versions 10.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise PeopleTools version 8.49 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 8.1 \u00e0 8.1 SP6 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 d\u00e9couvert dans les produits\nOracle :\n\n-   Oracle Database ;\n-   Oracle Application Server ;\n-   Oracle Collaboration Suite ;\n-   Beehive Collaboration Suite ;\n-   Oracle Enterprise Manager ;\n-   Oracle E-Business Suite et Application ;\n-   Oracle PoepleSoft Enterprise ;\n-   JD Edwards EnterpriseOne ;\n-   Oracle Siebel Enterprise ;\n-   Oracle Weblogic Server, Portal, Data Service ;\n-   Oracle Data Service Integrator ;\n-   AquaLogic Data Services Platform;\n-   JRockit.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance pour\ncertaines.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1006"
    },
    {
      "name": "CVE-2009-0991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0991"
    },
    {
      "name": "CVE-2009-0982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0982"
    },
    {
      "name": "CVE-2009-0980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0980"
    },
    {
      "name": "CVE-2009-0973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0973"
    },
    {
      "name": "CVE-2009-0986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0986"
    },
    {
      "name": "CVE-2009-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1004"
    },
    {
      "name": "CVE-2009-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1000"
    },
    {
      "name": "CVE-2009-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0995"
    },
    {
      "name": "CVE-2009-0978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0978"
    },
    {
      "name": "CVE-2009-1003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1003"
    },
    {
      "name": "CVE-2009-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1005"
    },
    {
      "name": "CVE-2009-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0994"
    },
    {
      "name": "CVE-2009-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1001"
    },
    {
      "name": "CVE-2009-1013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1013"
    },
    {
      "name": "CVE-2009-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0975"
    },
    {
      "name": "CVE-2009-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0997"
    },
    {
      "name": "CVE-2009-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0993"
    },
    {
      "name": "CVE-2009-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1014"
    },
    {
      "name": "CVE-2009-0972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0972"
    },
    {
      "name": "CVE-2009-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0992"
    },
    {
      "name": "CVE-2009-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1010"
    },
    {
      "name": "CVE-2009-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0999"
    },
    {
      "name": "CVE-2009-0974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0974"
    },
    {
      "name": "CVE-2009-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0989"
    },
    {
      "name": "CVE-2009-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0996"
    },
    {
      "name": "CVE-2009-0977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0977"
    },
    {
      "name": "CVE-2009-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0985"
    },
    {
      "name": "CVE-2009-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1008"
    },
    {
      "name": "CVE-2009-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0987"
    },
    {
      "name": "CVE-2009-1017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1017"
    },
    {
      "name": "CVE-2009-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0984"
    },
    {
      "name": "CVE-2009-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1002"
    },
    {
      "name": "CVE-2009-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0983"
    },
    {
      "name": "CVE-2009-0976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0976"
    },
    {
      "name": "CVE-2009-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1016"
    },
    {
      "name": "CVE-2009-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1011"
    },
    {
      "name": "CVE-2009-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0988"
    },
    {
      "name": "CVE-2009-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1012"
    },
    {
      "name": "CVE-2009-0979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0979"
    },
    {
      "name": "CVE-2009-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0998"
    },
    {
      "name": "CVE-2009-1009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1009"
    },
    {
      "name": "CVE-2009-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0981"
    },
    {
      "name": "CVE-2009-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0990"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-154",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses\nactions malveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 avril 2009",
      "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
    }
  ]
}

CERTA-2009-AVI-154

Vulnerability from certfr_avis - Published: - Updated:

Description

Un grand nombre de vulnérabilités a été découvert dans les produits Oracle :

Oracle Database ;
Oracle Application Server ;
Oracle Collaboration Suite ;
Beehive Collaboration Suite ;
Oracle Enterprise Manager ;
Oracle E-Business Suite et Application ;
Oracle PoepleSoft Enterprise ;
JD Edwards EnterpriseOne ;
Oracle Siebel Enterprise ;
Oracle Weblogic Server, Portal, Data Service ;
Oracle Data Service Integrator ;
AquaLogic Data Services Platform;
JRockit.

L'exploitation de ces vulnérabilités permet de réaliser diverses actions malveillantes, dont l'exécution de code arbitraire à distance pour certaines.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Weblogic	Oracle WebLogic Server version 10.3 ;
Oracle	N/A	Oracle E-Business Suite Release 12, version 12.0.6 ;
Oracle	N/A	Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;
Oracle	N/A	Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions antérieures.
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	N/A	Oracle Database 10g, version 10.1.0.5 ;
Oracle	PeopleSoft	PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;
Oracle	Weblogic	Oracle WebLogic Portal versions 8.1 à 8.1 SP6 ;
Oracle	N/A	Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;
Oracle	N/A	Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;
Oracle	N/A	Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;
Oracle	Weblogic	Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu'à la version 9.2 MP3 ;
Oracle	Weblogic	Oracle WebLogic Server versions 7.0 à 7.0 SP7 ;
Oracle	N/A	Oracle Data Service Integrator versions 10.3.0 ;
Oracle	N/A	Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;
Oracle	N/A	Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;
Oracle	PeopleSoft	PeopleSoft Enterprise PeopleTools version 8.49 ;
Oracle	N/A	Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;
Oracle	Weblogic	Oracle WebLogic Server versions 8.1 à 8.1 SP6 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 14 avril 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle WebLogic Server version 10.3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, version 12.0.6 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Portal versions 8.1 \u00e0 8.1 SP6 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu\u0027\u00e0 la version 9.2 MP3 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 7.0 \u00e0 7.0 SP7 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Data Service Integrator versions 10.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "PeopleSoft Enterprise PeopleTools version 8.49 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server versions 8.1 \u00e0 8.1 SP6 ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 d\u00e9couvert dans les produits\nOracle :\n\n-   Oracle Database ;\n-   Oracle Application Server ;\n-   Oracle Collaboration Suite ;\n-   Beehive Collaboration Suite ;\n-   Oracle Enterprise Manager ;\n-   Oracle E-Business Suite et Application ;\n-   Oracle PoepleSoft Enterprise ;\n-   JD Edwards EnterpriseOne ;\n-   Oracle Siebel Enterprise ;\n-   Oracle Weblogic Server, Portal, Data Service ;\n-   Oracle Data Service Integrator ;\n-   AquaLogic Data Services Platform;\n-   JRockit.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance pour\ncertaines.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1006"
    },
    {
      "name": "CVE-2009-0991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0991"
    },
    {
      "name": "CVE-2009-0982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0982"
    },
    {
      "name": "CVE-2009-0980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0980"
    },
    {
      "name": "CVE-2009-0973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0973"
    },
    {
      "name": "CVE-2009-0986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0986"
    },
    {
      "name": "CVE-2009-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1004"
    },
    {
      "name": "CVE-2009-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1000"
    },
    {
      "name": "CVE-2009-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0995"
    },
    {
      "name": "CVE-2009-0978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0978"
    },
    {
      "name": "CVE-2009-1003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1003"
    },
    {
      "name": "CVE-2009-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1005"
    },
    {
      "name": "CVE-2009-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0994"
    },
    {
      "name": "CVE-2009-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1001"
    },
    {
      "name": "CVE-2009-1013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1013"
    },
    {
      "name": "CVE-2009-0975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0975"
    },
    {
      "name": "CVE-2009-0997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0997"
    },
    {
      "name": "CVE-2009-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0993"
    },
    {
      "name": "CVE-2009-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1014"
    },
    {
      "name": "CVE-2009-0972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0972"
    },
    {
      "name": "CVE-2009-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0992"
    },
    {
      "name": "CVE-2009-1010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1010"
    },
    {
      "name": "CVE-2009-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0999"
    },
    {
      "name": "CVE-2009-0974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0974"
    },
    {
      "name": "CVE-2009-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0989"
    },
    {
      "name": "CVE-2009-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0996"
    },
    {
      "name": "CVE-2009-0977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0977"
    },
    {
      "name": "CVE-2009-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0985"
    },
    {
      "name": "CVE-2009-1008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1008"
    },
    {
      "name": "CVE-2009-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0987"
    },
    {
      "name": "CVE-2009-1017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1017"
    },
    {
      "name": "CVE-2009-0984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0984"
    },
    {
      "name": "CVE-2009-1002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1002"
    },
    {
      "name": "CVE-2009-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0983"
    },
    {
      "name": "CVE-2009-0976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0976"
    },
    {
      "name": "CVE-2009-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1016"
    },
    {
      "name": "CVE-2009-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1011"
    },
    {
      "name": "CVE-2009-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0988"
    },
    {
      "name": "CVE-2009-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1012"
    },
    {
      "name": "CVE-2009-0979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0979"
    },
    {
      "name": "CVE-2009-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0998"
    },
    {
      "name": "CVE-2009-1009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1009"
    },
    {
      "name": "CVE-2009-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0981"
    },
    {
      "name": "CVE-2009-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0990"
    }
  ],
  "links": [],
  "reference": "CERTA-2009-AVI-154",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses\nactions malveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 avril 2009",
      "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
    }
  ]
}

GSD-2009-1012

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-1012

Aliases

CVE-2009-1012

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-1012",
    "description": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.",
    "id": "GSD-2009-1012"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-1012"
      ],
      "details": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow.",
      "id": "GSD-2009-1012",
      "modified": "2023-12-13T01:19:48.475325Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert_us@oracle.com",
        "ID": "CVE-2009-1012",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1022059",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1022059"
          },
          {
            "name": "34461",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/34461"
          },
          {
            "name": "oracle-bea-http-bo(64935)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
          },
          {
            "name": "TA09-105A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
          },
          {
            "name": "http://secunia.com/secunia_research/2009-22/",
            "refsource": "MISC",
            "url": "http://secunia.com/secunia_research/2009-22/"
          },
          {
            "name": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
          },
          {
            "name": "53765",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/53765"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2009-1012"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA09-105A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
            },
            {
              "name": "1022059",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1022059"
            },
            {
              "name": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
            },
            {
              "name": "53765",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/53765"
            },
            {
              "name": "http://secunia.com/secunia_research/2009-22/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://secunia.com/secunia_research/2009-22/"
            },
            {
              "name": "34461",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/34461"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
            },
            {
              "name": "oracle-bea-http-bo(64935)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-17T01:30Z",
      "publishedDate": "2009-04-15T10:30Z"
    }
  }
}

FKIE_CVE-2009-1012

Vulnerability from fkie_nvd - Published: 2009-04-15 10:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secalert_us@oracle.com	http://osvdb.org/53765
secalert_us@oracle.com	http://secunia.com/secunia_research/2009-22/
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
secalert_us@oracle.com	http://www.oracle.com/technology/deploy/security/wls-security/1012.html
secalert_us@oracle.com	http://www.securityfocus.com/bid/34461
secalert_us@oracle.com	http://www.securitytracker.com/id?1022059
secalert_us@oracle.com	http://www.us-cert.gov/cas/techalerts/TA09-105A.html	US Government Resource
secalert_us@oracle.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/64935
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/53765
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/secunia_research/2009-22/
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technology/deploy/security/wls-security/1012.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/34461
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1022059
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-105A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/64935

Impacted products

Vendor	Product	Version
oracle	bea_product_suite	7.0
oracle	bea_product_suite	8.1
oracle	bea_product_suite	9.0
oracle	bea_product_suite	9.1
oracle	bea_product_suite	9.2
oracle	bea_product_suite	10.0
oracle	bea_product_suite	10.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:bea_product_suite:7.0:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "6859E096-4FA7-4797-B2D6-C5CE15D2078C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bea_product_suite:8.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "0B8AB045-051A-477E-B2F7-4057826C43F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bea_product_suite:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B5D9ABA-10EE-4EE2-9814-BDFBBE9A6014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bea_product_suite:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09215858-8A4F-4595-98DD-39027EC6CC1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bea_product_suite:9.2:mp3:*:*:*:*:*:*",
              "matchCriteriaId": "A7390B6A-7944-4509-B499-5B51DB9BF42E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bea_product_suite:10.0:mp1:*:*:*:*:*:*",
              "matchCriteriaId": "193516AD-8096-4A6E-9C4B-4B9717DD7021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bea_product_suite:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B1C64BD-7C8C-4B28-9EA8-5198B6C71AD1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the plug-ins for Apache and IIS web servers in Oracle BEA WebLogic Server 7.0 Gold through SP7, 8.1 Gold through SP6, 9.0, 9.1, 9.2 Gold through MP3, 10.0 Gold through MP1, and 10.3 allows remote attackers to affect confidentiality, integrity, and availability.  NOTE: the previous information was obtained from the April 2009 CPU.  Oracle has not commented on claims from a reliable researcher that this is an integer overflow in an unspecified plug-in that parses HTTP requests, which leads to a heap-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el componente WebLogic Server en BEA Product Suite v10.3, v10.0 MP1, v9.2 MP3, v9.1, v9.0, v8.1 SP6, y v7.0 SP7 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad, relacionada con IIS."
    }
  ],
  "id": "CVE-2009-1012",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-04-15T10:30:01.017",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "url": "http://osvdb.org/53765"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://secunia.com/secunia_research/2009-22/"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/34461"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securitytracker.com/id?1022059"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/53765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/secunia_research/2009-22/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technology/deploy/security/wls-security/1012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34461"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64935"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-1012 (GCVE-0-2009-1012)

VAR-200904-0432

GHSA-7G8R-925J-VGFH

CERTA-2009-AVI-154

Description

Solution

CERTA-2009-AVI-154

Description

Solution

GSD-2009-1012

FKIE_CVE-2009-1012

Tags

Sightings

Nomenclature