101 vulnerabilities found for Weblogic by Oracle
CERTA-2011-AVI-022
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities in Oracle products allow a malicious user to bypass the security policy.
Description
Multiple vulnerabilities have been fixed in Oracle products such as Oracle Database, Oracle Application Server and Oracle Open Office. Some of these vulnerabilities can be exploited by a remote malicious user to bypass the security policy or to compromise the integrity and/or confidentiality of data.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | N/A | Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 |
| Oracle | N/A | Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 |
| Oracle | N/A | Oracle Sun Product Suite |
| Oracle | N/A | Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 |
| Oracle | N/A | Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 |
| Oracle | N/A | Oracle Application Server 10g Release 2, version 10.1.2.3.0 |
| Oracle | N/A | Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 |
| Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 |
| Oracle | N/A | Oracle JRockit versions, R27.6.7 and earlier (JDK/JRE 1.4.2, 5, 6), R28.0.1 and earlier (JDK/JRE 5, 6) |
| Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2 |
| Oracle | PeopleSoft | Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 |
| Oracle | N/A | Oracle Audit Vault 10g Release 2, version 10.2.3.2 |
| Oracle | N/A | Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 |
| Oracle | N/A | Oracle Database 10g Release 1, version 10.1.0.5 |
| Oracle | N/A | Oracle Outside In Technology, version 8.3.0 |
| Oracle | PeopleSoft | Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 |
| Oracle | N/A | Oracle InForm Portal, versions 4.5, 4.6, 5.0 |
| Oracle | Weblogic | Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 |
| Oracle | N/A | Oracle Agile Core, versions 9.3.0.2, 9.3.1 |
| Oracle | N/A | Oracle Database 11g Release 1, version 11.1.0.7 |
| Oracle | N/A | Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8 |
| Oracle | N/A | Oracle Database 11g Release 2, version 11.2.0.1 |
| Oracle | N/A | Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 |
| Oracle | N/A | Oracle GoldenGate Veridata, version 3.0.0.4 |
| Oracle | N/A | Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 |
| Oracle | N/A | Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 |
| Oracle | PeopleSoft | Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 |
| Oracle | N/A | Oracle Secure Backup 10g Release 3, version 10.3.0.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle BI Publisher, versions 10.1.3.3.2, 10.1.3.4.0, 10.1.3.4.1, 11.1.1.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Transportation Manager, versions 5.5, 6.0, 6.1, 6.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Product Suite ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Document Capture, versions 10.1.3.4, 10.1.3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Real User Experience Insight, version RUEI 6.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit versions, R27.6.7 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.0.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft Enterprise CRM, versions 8.9, 9.0, 9.1 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Argus Safety, versions 5.0, 5.0.1, 5.0.2, 5.0.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Outside In Technology, version 8.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle InForm Portal, versions 4.5, 4.6, 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server, versions 7.0.7, 8.1.6, 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, 10.3.3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Agile Core, versions 9.3.0.2, 9.3.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Open Office, version 3.2.1 and StarOffice/StarSuite, versions 7, 8.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g Release 2, version 11.2.0.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Suite Release 10, version 10.2.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GoldenGate Veridata, version 3.0.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Beehive, versions 2.0.1.0, 2.0.1.1, 2.0.1.2, 2.0.1.2.1, 2.0.1.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft Enterprise HRMS, versions 8.9, 9.0, 9.1 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Secure Backup 10g Release 3, version 10.3.0.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\ntels que Oracle Database, Oracle Application Server ou Oracle Open\nOffice. Certaines de ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un\nutilisateur malveillant distant pour contourner la politique de s\u00e9curit\u00e9\nou encore porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et/ou la confidentialit\u00e9 des\ndonn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-4429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4429"
},
{
"name": "CVE-2010-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4415"
},
{
"name": "CVE-2010-4438",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4438"
},
{
"name": "CVE-2010-3586",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3586"
},
{
"name": "CVE-2010-3593",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3593"
},
{
"name": "CVE-2010-4439",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4439"
},
{
"name": "CVE-2010-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4421"
},
{
"name": "CVE-2010-4453",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4453"
},
{
"name": "CVE-2010-4433",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4433"
},
{
"name": "CVE-2010-4419",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4419"
},
{
"name": "CVE-2010-4464",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4464"
},
{
"name": "CVE-2010-4457",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4457"
},
{
"name": "CVE-2010-4432",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4432"
},
{
"name": "CVE-2010-4460",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4460"
},
{
"name": "CVE-2010-3590",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3590"
},
{
"name": "CVE-2010-4416",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4416"
},
{
"name": "CVE-2010-4414",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4414"
},
{
"name": "CVE-2010-4420",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4420"
},
{
"name": "CVE-2010-3592",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3592"
},
{
"name": "CVE-2010-3600",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3600"
},
{
"name": "CVE-2010-4418",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4418"
},
{
"name": "CVE-2010-4456",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4456"
},
{
"name": "CVE-2010-4441",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4441"
},
{
"name": "CVE-2010-4440",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4440"
},
{
"name": "CVE-2010-4436",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4436"
},
{
"name": "CVE-2010-4443",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4443"
},
{
"name": "CVE-2010-4434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4434"
},
{
"name": "CVE-2010-4437",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4437"
},
{
"name": "CVE-2009-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4269"
},
{
"name": "CVE-2010-2936",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2936"
},
{
"name": "CVE-2010-3588",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3588"
},
{
"name": "CVE-2010-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3510"
},
{
"name": "CVE-2010-4428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4428"
},
{
"name": "CVE-2010-4446",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4446"
},
{
"name": "CVE-2010-4459",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4459"
},
{
"name": "CVE-2010-4426",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4426"
},
{
"name": "CVE-2010-2632",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2632"
},
{
"name": "CVE-2010-4461",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4461"
},
{
"name": "CVE-2010-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3597"
},
{
"name": "CVE-2010-3587",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3587"
},
{
"name": "CVE-2010-4442",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4442"
},
{
"name": "CVE-2010-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3599"
},
{
"name": "CVE-2010-4413",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4413"
},
{
"name": "CVE-2010-3505",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3505"
},
{
"name": "CVE-2010-3594",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3594"
},
{
"name": "CVE-2010-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4449"
},
{
"name": "CVE-2010-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3598"
},
{
"name": "CVE-2010-4445",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4445"
},
{
"name": "CVE-2010-4458",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4458"
},
{
"name": "CVE-2010-4417",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4417"
},
{
"name": "CVE-2010-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3596"
},
{
"name": "CVE-2010-4444",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4444"
},
{
"name": "CVE-2010-4425",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4425"
},
{
"name": "CVE-2010-3591",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3591"
},
{
"name": "CVE-2010-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4423"
},
{
"name": "CVE-2010-4431",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4431"
},
{
"name": "CVE-2010-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4427"
},
{
"name": "CVE-2010-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4435"
},
{
"name": "CVE-2010-3574",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3574"
},
{
"name": "CVE-2010-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4424"
},
{
"name": "CVE-2010-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2935"
},
{
"name": "CVE-2010-4430",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4430"
},
{
"name": "CVE-2010-1227",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1227"
},
{
"name": "CVE-2010-3595",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3595"
},
{
"name": "CVE-2010-3589",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3589"
},
{
"name": "CVE-2010-4455",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4455"
}
],
"links": [],
"reference": "CERTA-2011-AVI-022",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2011-01-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur malveillant de contourner la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle de janvier 2011",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
}
]
}
CERTA-2010-AVI-314
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities in Oracle products allow a remote user to cause a denial of service or execute arbitrary code.
Description
Multiple vulnerabilities are present in Oracle products such as Oracle Database and Oracle WebLogic. Among other things, they allow a malicious remote user to cause a denial of service or execute arbitrary code.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | N/A | Oracle Secure Backup version 10301 |
| Oracle | N/A | Oracle Database 9i Release 2, versions 9208, 9208DV |
| Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools, versions 849 and 850 |
| Oracle | N/A | Oracle JRockit versions R2800 and earlier (JDK/JRE 5 and 6) |
| Oracle | PeopleSoft | PeopleSoft Enterprise FSCM, versions 89, 90 and 91 |
| Oracle | N/A | Oracle JRockit versions R2766 and earlier (JDK/JRE 142, 5 and 6) |
| Oracle | N/A | Oracle Database 11g Release 2, version 11201 |
| Oracle | PeopleSoft | PeopleSoft Enterprise HCM, versions 89, 90 and 91 |
| Oracle | Weblogic | Oracle WebLogic Server 100 up to version MP2 |
| Oracle | Weblogic | Oracle WebLogic Server 70 up to Service Pack 7 |
| Oracle | N/A | Oracle Sun Product Suite |
| Oracle | Weblogic | Oracle WebLogic Server 90, 91, 92 up to version MP3 |
| Oracle | Weblogic | Oracle WebLogic Server 11gR1 versions 1031, 1032 and 1033 |
| Oracle | N/A | Oracle Business Process Management, versions 573, 605, 1031 and 1032 |
| Oracle | N/A | Oracle E-Business Suite Release 12, versions 1204, 1205, 1206, 1211 and 1212 |
| Oracle | Weblogic | Oracle WebLogic Server 81 up to Service Pack 6 |
| Oracle | PeopleSoft | PeopleSoft Enterprise Campus Solutions, version 90 |
| Oracle | N/A | Oracle Transportation Manager, Versions: 550507, 550600 and 6003 |
| Oracle | N/A | Oracle Enterprise Manager Grid Control 10g Release 5, version 10205 |
| Oracle | N/A | Oracle E-Business Suite Release 11i, versions 11510 and 115102 |
| Oracle | N/A | Oracle Application Server, 10gR2, version 101230 |
| Oracle | N/A | Oracle Identity Management 10g, version 101401 |
| Oracle | N/A | Oracle Enterprise Manager Grid Control 10g Release 1, version 10106 |
| Oracle | PeopleSoft | PeopleSoft Enterprise CRM, versions 90 and 91 |
| Oracle | N/A | Oracle TimesTen In-Memory Database, versions 7060, 112141 |
| Oracle | N/A | Oracle Database 10g Release 2, versions 10203, 10204 |
| Oracle | N/A | Oracle Database 10g, version 10105 |
| Oracle | Weblogic | Oracle WebLogic Server 10gR3 version 1030 |
| Oracle | N/A | Oracle Database 11g Release 1, version 11107 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Secure Backup version 10301 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 9i Release 2, versions 9208, 9208DV ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise PeopleTools, versions 849 et 850 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit versions R2800 et ant\u00e9rieures (JDK/JRE 5 et 6) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise FSCM, versions 89, 90 et 91 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit versions R2766 et ant\u00e9rieures (JDK/JRE 142, 5 et 6) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g Release 2, version 11201 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise HCM, versions 89, 90 et 91 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 100 jusqu\u0027\u00e0 la version MP2 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 70 jusqu\u0027au Service Pack 7 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Sun Product Suite.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 90, 91, 92 jusqu\u0027\u00e0 la version MP3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 11gR1 versions 1031, 1032 et 1033 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Business Process Management, versions 573, 605, 1031 et 1032 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12, versions 1204, 1205, 1206, 1211 et 1212 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 81 jusqu\u0027au Service Pack 6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise Campus Solutions, version 90 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Transportation Manager, Versions: 550507, 550600 et 6003 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Grid Control 10g Release 5, version 10205 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 11i, versions 11510 et 115102 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server, 10gR2, version 101230 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Identity Management 10g, version 101401 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Grid Control 10g Release 1, version 10106 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise CRM, versions 90 et 91 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle TimesTen In-Memory Database, versions 7060, 112141 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 2, versions 10203, 10204 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g, version 10105 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 10gR3 version 1030 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g Release 1, version 11107 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les produits Oracle\ncomme Oracle Database ou Oracle WebLogic. Elles permettent, entre\nautres, \u00e0 un utilisateur distant malintentionn\u00e9 de provoquer un d\u00e9ni de\nservice ou d\u0027\u00e9xecuter du code arbitaire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0906",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0906"
},
{
"name": "CVE-2010-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0898"
},
{
"name": "CVE-2010-2380",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2380"
},
{
"name": "CVE-2010-2382",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2382"
},
{
"name": "CVE-2010-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0903"
},
{
"name": "CVE-2010-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0899"
},
{
"name": "CVE-2010-2381",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2381"
},
{
"name": "CVE-2010-2394",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2394"
},
{
"name": "CVE-2010-2373",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2373"
},
{
"name": "CVE-2010-0909",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0909"
},
{
"name": "CVE-2010-0907",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0907"
},
{
"name": "CVE-2010-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2392"
},
{
"name": "CVE-2010-2393",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2393"
},
{
"name": "CVE-2010-0914",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0914"
},
{
"name": "CVE-2010-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0901"
},
{
"name": "CVE-2010-0892",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0892"
},
{
"name": "CVE-2010-2386",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2386"
},
{
"name": "CVE-2010-0915",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0915"
},
{
"name": "CVE-2010-0873",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0873"
},
{
"name": "CVE-2010-0083",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0083"
},
{
"name": "CVE-2009-3763",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3763"
},
{
"name": "CVE-2010-2375",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2375"
},
{
"name": "CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
},
{
"name": "CVE-2008-4247",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4247"
},
{
"name": "CVE-2010-2400",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2400"
},
{
"name": "CVE-2010-0849",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0849"
},
{
"name": "CVE-2010-2384",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2384"
},
{
"name": "CVE-2010-2374",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2374"
},
{
"name": "CVE-2010-2402",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2402"
},
{
"name": "CVE-2010-0912",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0912"
},
{
"name": "CVE-2010-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0913"
},
{
"name": "CVE-2010-2401",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2401"
},
{
"name": "CVE-2009-3764",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3764"
},
{
"name": "CVE-2010-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2376"
},
{
"name": "CVE-2010-0911",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0911"
},
{
"name": "CVE-2010-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2372"
},
{
"name": "CVE-2009-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0217"
},
{
"name": "CVE-2010-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2398"
},
{
"name": "CVE-2010-2399",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2399"
},
{
"name": "CVE-2010-0081",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0081"
},
{
"name": "CVE-2010-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2377"
},
{
"name": "CVE-2010-0916",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0916"
},
{
"name": "CVE-2010-0835",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0835"
},
{
"name": "CVE-2010-2403",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2403"
},
{
"name": "CVE-2010-2378",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2378"
},
{
"name": "CVE-2010-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0900"
},
{
"name": "CVE-2010-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0908"
},
{
"name": "CVE-2010-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2370"
},
{
"name": "CVE-2010-0910",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0910"
},
{
"name": "CVE-2010-0904",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0904"
},
{
"name": "CVE-2010-2383",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2383"
},
{
"name": "CVE-2010-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0902"
},
{
"name": "CVE-2010-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2385"
},
{
"name": "CVE-2009-3762",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3762"
},
{
"name": "CVE-2010-0905",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0905"
},
{
"name": "CVE-2010-0836",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0836"
},
{
"name": "CVE-2010-2371",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2371"
},
{
"name": "CVE-2010-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2379"
},
{
"name": "CVE-2010-2397",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2397"
}
],
"links": [],
"reference": "CERTA-2010-AVI-314",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle\npermettent \u00e0 un utilisateur distant de provoquer un d\u00e9ni de service ou\nd\u0027\u00e9xecuter du code arbitraire.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 13 juillet 2010",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html"
}
]
}
CERTA-2010-AVI-074
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability in Oracle WebLogic Server allows remote arbitrary code execution.
Description
A vulnerability in the Node Manager component of Oracle WebLogic Server allows an unauthenticated malicious person to execute arbitrary code on the vulnerable system.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Weblogic | Oracle WebLogic Server 10gR3 (10.3.0) |
| Oracle | Weblogic | Oracle WebLogic Server 11gR1 (10.3.1 and 10.3.2) |
| Oracle | Weblogic | Oracle WebLogic Server 7.0 up to SP7 |
| Oracle | Weblogic | Oracle WebLogic Server 9.0, 9.1 and 9.2 up to MP3 |
| Oracle | Weblogic | Oracle WebLogic Server 8.1 up to SP6 |
| Oracle | Weblogic | Oracle WebLogic Server 10.0 up to MP2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server 10gR3 (10.3.0) ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 11gR1 (10.3.1 et 10.3.2) ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 7.0 jusqu\u0027\u00e0 SP7.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 9.0, 9.1 et 9.2 jusqu\u0027\u00e0 MP3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 8.1 jusqu\u0027\u00e0 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 10.0 jusqu\u0027\u00e0 MP2 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le composant Node Manager de Oracle WebLogic\nServer permet \u00e0 une personne malintentionn\u00e9e, non authentifi\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-0073",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0073"
}
],
"links": [],
"reference": "CERTA-2010-AVI-074",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-02-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans Oracle WebLogic Server permet l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Oracle WebLogic Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 4 f\u00e9vrier 2010",
"url": "http://www.oracle.com/technology/deploy/security/alerts/alert-cve-2010-0073.html"
}
]
}
CERTA-2010-AVI-010
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Oracle products. Exploiting these vulnerabilities allows various malicious actions, including remote arbitrary code execution.
Description
Numerous vulnerabilities have been fixed in the following Oracle products:
- Oracle Database;
- Oracle Application Server;
- Oracle Access Manager;
- Oracle E-Business Suite;
- PeopleSoft Enterprise HCM (TAM);
- Oracle WebLogic Server;
- Oracle JRockit;
- Primavera P6 Enterprise Project Portfolio Management;
- Primavera P6 Web Services.
Exploiting these vulnerabilities allows various malicious actions, including remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Weblogic | Oracle WebLogic Server 8.1 to 8.1 SP6; | ||
| Oracle | N/A | Oracle Access Manager versions 7.0.4.3, 10.1.4.2; | ||
| Oracle | N/A | Primavera P6 Web Services 6.2.1, 7.0 and 7.0SP1. | ||
| Oracle | Weblogic | Oracle WebLogic Server 10.0 to 10.0 MP2, 10.3.0 and 10.3.1; | ||
| Oracle | N/A | Oracle JRockit R27.6.5 and earlier versions (JDK/JRE 6, 5, 1.4.2); | ||
| Oracle | N/A | Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2; | ||
| Oracle | Weblogic | Oracle WebLogic Server 9.0 GA, 9.1 GA and 9.2 to 9.2 MP3; | ||
| Oracle | N/A | Oracle Database 11g, version 11.1.0.7; | ||
| Oracle | N/A | Primavera P6 Enterprise Project Portfolio Management 6.1, 6.2.1 and 7.0; | ||
| Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2; | ||
| Oracle | N/A | Oracle Database 10g, version 10.1.0.5; | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise HCM (TAM), versions 8.9 and 9.0; | ||
| Oracle | N/A | Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0; | ||
| Oracle | N/A | Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0, 10.1.3.5*, 10.1.3.5.1*; | ||
| Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4; | ||
| Oracle | N/A | Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV; | ||
| Oracle | Weblogic | Oracle WebLogic Server 7.0 to 7.0 SP7; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server 8.1 \u00e0 8.1 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Access Manager versions 7.0.4.3, 10.1.4.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Primavera P6 Web Services 6.2.1, 7.0 et 7.0SP1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 10.0 \u00e0 10.0 MP2, 10.3.0 et 10.3.1 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit R27.6.5 et versions ant\u00e9rieures (JDK/JRE 6, 5, 1.4.2) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 et 12.1.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 9.0 GA, 9.1 GA et 9.2 \u00e0 9.2 MP3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g, version 11.1.0.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Primavera P6 Enterprise Project Portfolio Management 6.1, 6.2.1 et 7.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g, version 10.1.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise HCM (TAM), versions 8.9 et 9.0. ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0, 10.1.3.5*, 10.1.3.5.1* ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 7.0 \u00e0 7.0 SP7 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\nsuivants :\n\n- Oracle Database ;\n- Oracle Application Server ;\n- Oracle Access Manager ;\n- Oracle E-Business Suite ;\n- PeopleSoft Enterprise HCM (TAM) ;\n- Oracle WebLogic Server ;\n- Oracle JRockit ;\n- Primavera P6 Enterprise Project Portfolio Management ;\n- Primavera P6 Web Services.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3877",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3877"
},
{
"name": "CVE-2009-3414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3414"
},
{
"name": "CVE-2010-0068",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0068"
},
{
"name": "CVE-2009-3871",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3871"
},
{
"name": "CVE-2010-0075",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0075"
},
{
"name": "CVE-2009-3416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3416"
},
{
"name": "CVE-2010-0070",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0070"
},
{
"name": "CVE-2010-0077",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0077"
},
{
"name": "CVE-2010-0072",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0072"
},
{
"name": "CVE-2009-3867",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3867"
},
{
"name": "CVE-2010-0074",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0074"
},
{
"name": "CVE-2009-3410",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3410"
},
{
"name": "CVE-2010-0071",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0071"
},
{
"name": "CVE-2009-3872",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3872"
},
{
"name": "CVE-2010-0069",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0069"
},
{
"name": "CVE-2009-3415",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3415"
},
{
"name": "CVE-2009-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
},
{
"name": "CVE-2009-3876",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3876"
},
{
"name": "CVE-2009-3411",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3411"
},
{
"name": "CVE-2009-3875",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3875"
},
{
"name": "CVE-2009-3869",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3869"
},
{
"name": "CVE-2010-0080",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0080"
},
{
"name": "CVE-2009-3873",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3873"
},
{
"name": "CVE-2009-3412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3412"
},
{
"name": "CVE-2010-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0076"
},
{
"name": "CVE-2009-3874",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3874"
},
{
"name": "CVE-2009-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1996"
},
{
"name": "CVE-2009-3868",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3868"
},
{
"name": "CVE-2010-0078",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0078"
},
{
"name": "CVE-2010-0079",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0079"
},
{
"name": "CVE-2010-0067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0067"
},
{
"name": "CVE-2009-3413",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3413"
},
{
"name": "CVE-2010-0066",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0066"
}
],
"links": [],
"reference": "CERTA-2010-AVI-010",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 13 janvier 2010",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html"
}
]
}
CERTA-2009-AVI-452
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities affect various Oracle products. Exploiting these vulnerabilities allows numerous malicious actions, including remote arbitrary code execution.
Description
Multiple vulnerabilities have been discovered in various Oracle products. These vulnerabilities affect products in the database management, application server, E-business, PeopleSoft and BEA lines.
Exploiting these numerous vulnerabilities allows various malicious actions, including remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Weblogic | Oracle WebLogic Portal, versions 8.1 to 8.1 SP6, 9.2 to 9.2 MP3, 10.0 to 10.0MP1, 10.2 to 10.2MP1 and 10.3 to 10.3.1; | ||
| Oracle | N/A | AutoVue version 19.3; | ||
| Oracle | N/A | Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0 and 10.1.3.5.0; | ||
| Oracle | N/A | JDEdward Tools version 8.98; | ||
| Oracle | N/A | Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV; | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise HCM (TAM) versions 8.9 and 9.0; | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 9.0 GA, 9.1 GA and 9.2 to 9.2 MP3; | ||
| Oracle | N/A | Oracle Database 11g, version 11.1.0.7; | ||
| Oracle | N/A | Oracle Database 10g, version 10.1.0.5; | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 10.0 up to MP1 and version 10.3; | ||
| Oracle | N/A | Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.0 and 10.1.3.4.1; | ||
| Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4; | ||
| Oracle | N/A | Oracle Communications Order and Service Management, versions 2.8.0, 6.2.0, 6.3.0 and 6.3.1. | ||
| Oracle | N/A | Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0; | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 8.1 to 8.1 SP5; | ||
| Oracle | N/A | Oracle E-Business Suite Release 11i version 11.5.10.2; | ||
| Oracle | PeopleSoft | PeopleSoft PeopleTools & Enterprise Portal version 8.49; | ||
| Oracle | N/A | Oracle E-Business Suite Release 12 versions 12.0.6 and 12.1; | ||
| Oracle | N/A | Oracle JRockit R27.6.4 and earlier versions (JDK/JRE 6, 5, 1.4.2); | ||
| Oracle | N/A | Agile Engineering Data Management (EDM) version 6.1; | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 7.0 to 7.0 SP6; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Portal, versions 8.1 \u00e0 8.1 SP6, 9.2 \u00e0 9.2 MP3, 10.0 \u00e0 10.0MP1, 10.2 \u00e0 10.2MP1 et 10.3 \u00e0 10.3.1 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "AutoVue version 19.3 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0 et 10.1.3.5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "JDEdward Tools version 8.98 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise HCM (TAM) versions 8.9 et 9.0 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 \u00e0 9.2 MP3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g, version 11.1.0.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g, version 10.1.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 10.0 jusqu\u0027\u00e0 MP1 et version 10.3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.0 et 10.1.3.4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Communications Order et Service Management, versions 2.8.0, 6.2.0, 6.3.0 et 6.3.1.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 8.1 \u00e0 8.1 SP5 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 11i version 11.5.10.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft PeopleTools \u0026 Enterprise Portal version 8.49 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12 versions 12.0.6 et 12.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit R27.6.4 et versions ant\u00e9rieures (JDK/JRE 6, 5, 1.4.2) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Agile Engineering Data Management (EDM) version 6.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 7.0 \u00e0 7.0 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les diff\u00e9rents\nproduits Oracle. Ces vuln\u00e9rabilit\u00e9s touchent les produits des branches\nde gestion de base de donn\u00e9es, de serveurs applicatifs, de E-business,\nde PeopleSoft et de BEA.\n\nL\u0027exploitation de ces nombreuses vuln\u00e9rabilit\u00e9s permet des actions\nmalveillantes diverses, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-3399",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3399"
},
{
"name": "CVE-2009-3400",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3400"
},
{
"name": "CVE-2009-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2002"
},
{
"name": "CVE-2009-3406",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3406"
},
{
"name": "CVE-2009-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1972"
},
{
"name": "CVE-2009-1993",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1993"
},
{
"name": "CVE-2009-3403",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3403"
},
{
"name": "CVE-2009-3404",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3404"
},
{
"name": "CVE-2009-3392",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3392"
},
{
"name": "CVE-2009-1979",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1979"
},
{
"name": "CVE-2009-1995",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1995"
},
{
"name": "CVE-2009-3402",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3402"
},
{
"name": "CVE-2009-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1998"
},
{
"name": "CVE-2009-1964",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1964"
},
{
"name": "CVE-2009-1990",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1990"
},
{
"name": "CVE-2009-1992",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1992"
},
{
"name": "CVE-2009-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3396"
},
{
"name": "CVE-2009-3395",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3395"
},
{
"name": "CVE-2009-3408",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3408"
},
{
"name": "CVE-2009-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2625"
},
{
"name": "CVE-2009-2000",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2000"
},
{
"name": "CVE-2009-3397",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3397"
},
{
"name": "CVE-2009-1965",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1965"
},
{
"name": "CVE-2009-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2001"
},
{
"name": "CVE-2009-1018",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1018"
},
{
"name": "CVE-2009-1991",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1991"
},
{
"name": "CVE-2009-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0217"
},
{
"name": "CVE-2009-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1971"
},
{
"name": "CVE-2009-1985",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1985"
},
{
"name": "CVE-2009-1997",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1997"
},
{
"name": "CVE-2009-3405",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3405"
},
{
"name": "CVE-2009-1007",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1007"
},
{
"name": "CVE-2009-3409",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3409"
},
{
"name": "CVE-2009-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3401"
},
{
"name": "CVE-2009-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1999"
},
{
"name": "CVE-2009-1994",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1994"
},
{
"name": "CVE-2009-3407",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3407"
},
{
"name": "CVE-2009-3393",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3393"
}
],
"links": [],
"reference": "CERTA-2009-AVI-452",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-10-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s affectent diff\u00e9rents produits Oracle.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de nombreuses actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du mois d\u0027octobre 2009",
"url": "http://www.oracle.com/technologiy/deploy/security/critical-patch-updates/cpuoct2009.html"
}
]
}
CERTA-2009-AVI-279
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in Oracle products. Exploiting these vulnerabilities allows various malicious actions, including remote arbitrary code execution.
Description
A large number of vulnerabilities have been discovered in Oracle products. Exploiting these vulnerabilities allows various malicious actions, including, for some of them, remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Weblogic | Oracle WebLogic Server 8.1 to 8.1 SP6; | ||
| Oracle | N/A | Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4; | ||
| Oracle | N/A | Oracle E-Business Suite Release 12, version 12.0.6; | ||
| Oracle | Weblogic | Oracle WebLogic Server 10.3, 10.0MP1; | ||
| Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2; | ||
| Oracle | Weblogic | Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 to 9.2 MP3; | ||
| Oracle | N/A | Siebel Highly Interactive Client versions 7.5.3, 7.7.2, 7.8, 8.0, 8.1; | ||
| Oracle | N/A | Oracle Database 11g, versions 11.1.0.6, 11.1.0.7; | ||
| Oracle | N/A | Oracle E-Business Suite Release 12, version 12.1; | ||
| Oracle | N/A | Oracle Database 10g, version 10.1.0.5; | ||
| Oracle | N/A | Oracle JRockit R27.6.3 and earlier versions (JDK/JRE 6, 5, 1.4.2). | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise HRMS versions 8.9 and 9.0; | ||
| Oracle | N/A | Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.2.0, 10.1.4.3.0; | ||
| Oracle | N/A | Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.3.0, 10.1.3.4.0; | ||
| Oracle | N/A | Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0; | ||
| Oracle | N/A | Oracle Enterprise Manager Database Control 11, versions 11.1.0.6, 11.1.0.7; | ||
| Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4; | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools version 8.49; | ||
| Oracle | N/A | Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV; | ||
| Oracle | Weblogic | Oracle Complex Event Processing 10.3 and WebLogic Event Server 2.0; | ||
| Oracle | Weblogic | Oracle WebLogic Server 7.0 to 7.0 SP7; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server 8.1 \u00e0 8.1 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12, version 12.0.6 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 10.3, 10.0MP1 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 \u00e0 9.2 MP3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Siebel Highly Interactive Client versions 7.5.3, 7.7.2, 7.8, 8.0, 8.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g, versions 11.1.0.6, 11.1.0.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12, version 12.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g, version 10.1.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit R27.6.3 et les versions pr\u00e9c\u00e9dentes (JDK/JRE 6, 5, 1.4.2).",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Identity Management 10g, versions 10.1.4.0.1, 10.1.4.2.0, 10.1.4.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.3.0, 10.1.3.4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Database Control 11, versions 11.1.0.6, 11.1.0.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise PeopleTools version 8.49 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Complex Event Processing 10.3 et WebLogic Event Server 2.0 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server 7.0 \u00e0 7.0 SP7 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 d\u00e9couvert dans les produits\nOracle. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses\nactions malveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance\npour certaines.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-1019",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1019"
},
{
"name": "CVE-2009-1978",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1978"
},
{
"name": "CVE-2009-1969",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1969"
},
{
"name": "CVE-2009-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1976"
},
{
"name": "CVE-2009-1987",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1987"
},
{
"name": "CVE-2009-1966",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1966"
},
{
"name": "CVE-2009-1970",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1970"
},
{
"name": "CVE-2009-1988",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1988"
},
{
"name": "CVE-2009-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1968"
},
{
"name": "CVE-2009-1974",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1974"
},
{
"name": "CVE-2009-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1983"
},
{
"name": "CVE-2009-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1094"
},
{
"name": "CVE-2009-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1020"
},
{
"name": "CVE-2009-1015",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1015"
},
{
"name": "CVE-2009-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1975"
},
{
"name": "CVE-2009-1973",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1973"
},
{
"name": "CVE-2009-1977",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1977"
},
{
"name": "CVE-2009-0217",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0217"
},
{
"name": "CVE-2009-1967",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1967"
},
{
"name": "CVE-2009-1982",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1982"
},
{
"name": "CVE-2009-0987",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0987"
},
{
"name": "CVE-2009-1986",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1986"
},
{
"name": "CVE-2009-1963",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1963"
},
{
"name": "CVE-2009-1021",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1021"
},
{
"name": "CVE-2009-1984",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1984"
},
{
"name": "CVE-2009-1989",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1989"
},
{
"name": "CVE-2009-1981",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1981"
},
{
"name": "CVE-2009-1980",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1980"
},
{
"name": "CVE-2009-1523",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1523"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Oracle de Juillet 2009 :",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html"
}
],
"reference": "CERTA-2009-AVI-279",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses\nactions malveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle de juillet 2009",
"url": null
}
]
}
CERTA-2009-AVI-154
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in Oracle products. Exploiting these vulnerabilities allows various malicious actions, including remote arbitrary code execution.
Description
A large number of vulnerabilities have been discovered in Oracle products:
- Oracle Database;
- Oracle Application Server;
- Oracle Collaboration Suite;
- Beehive Collaboration Suite;
- Oracle Enterprise Manager;
- Oracle E-Business Suite and Application;
- Oracle PeopleSoft Enterprise;
- JD Edwards EnterpriseOne;
- Oracle Siebel Enterprise;
- Oracle Weblogic Server, Portal, Data Service;
- Oracle Data Service Integrator;
- AquaLogic Data Services Platform;
- JRockit.
Exploiting these vulnerabilities allows various malicious actions, including, for some of them, remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Weblogic | Oracle WebLogic Server version 10.3 |
| Oracle | N/A | Oracle E-Business Suite Release 12, version 12.0.6 |
| Oracle | N/A | Oracle Database 9i Release 2, versions 9.2.0.8 and 9.2.0.8DV |
| Oracle | N/A | Oracle JRockit (formerly BEA JRockit) version R27.6.2 and earlier versions |
| Oracle | N/A | Oracle E-Business Suite Release 11i, version 11.5.10.2 |
| Oracle | N/A | Oracle Database 10g, version 10.1.0.5 |
| Oracle | PeopleSoft | PeopleSoft Enterprise HRMS versions 8.9 and 9.0 |
| Oracle | N/A | Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4 |
| Oracle | Weblogic | Oracle WebLogic Portal versions 8.1 to 8.1 SP6 |
| Oracle | N/A | Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 and 10.1.3.4 |
| Oracle | N/A | Oracle Database 11g, versions 11.1.0.6 and 11.1.0.7 |
| Oracle | N/A | Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 |
| Oracle | Weblogic | Oracle WebLogic Server versions 9.0 GA, 9.1 GA and 9.2 up to version 9.2 MP3 |
| Oracle | Weblogic | Oracle WebLogic Server versions 7.0 to 7.0 SP7 |
| Oracle | N/A | Oracle Data Service Integrator versions 10.3.0 |
| Oracle | N/A | Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 and 3.0 |
| Oracle | N/A | Oracle Outside In SDK HTML Export versions 8.2.2 and 8.3.0 |
| Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools version 8.49 |
| Oracle | N/A | Oracle XML Publisher version 5.6.2, 10.1.3.2 and 10.1.3.2.1 |
| Oracle | Weblogic | Oracle WebLogic Server versions 8.1 to 8.1 SP6 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle WebLogic Server version 10.3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 12, version 12.0.6 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 9i Release 2, versions 9.2.0.8 et 9.2.0.8DV ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle JRockit (anciennement BEA JRockit) version R27.6.2 et versions ant\u00e9rieures.",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g, version 10.1.0.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise HRMS versions 8.9 et 9.0 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10g Release 2, versions 10.2.0.3 et 10.2.0.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Portal versions 8.1 \u00e0 8.1 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle BI Publisher versions 10.1.3.3.0, 10.1.3.3.1, 10.1.3.3.2, 10.1.3.3.3 et 10.1.3.4 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g, versions 11.1.0.6 et 11.1.0.7 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 9.0 GA, 9.1 GA et 9.2 jusqu\u0027\u00e0 la version 9.2 MP3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 7.0 \u00e0 7.0 SP7 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Data Service Integrator versions 10.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle AquaLogic Data Services Platform versions 3.2, 3.0.1 et 3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Outside In SDK HTML Export versions 8.2.2 et 8.3.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise PeopleTools version 8.49 ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle XML Publisher version 5.6.2, 10.1.3.2 et 10.1.3.2.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 8.1 \u00e0 8.1 SP6 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn grand nombre de vuln\u00e9rabilit\u00e9s a \u00e9t\u00e9 d\u00e9couvert dans les produits\nOracle :\n\n- Oracle Database ;\n- Oracle Application Server ;\n- Oracle Collaboration Suite ;\n- Beehive Collaboration Suite ;\n- Oracle Enterprise Manager ;\n- Oracle E-Business Suite et Application ;\n- Oracle PoepleSoft Enterprise ;\n- JD Edwards EnterpriseOne ;\n- Oracle Siebel Enterprise ;\n- Oracle Weblogic Server, Portal, Data Service ;\n- Oracle Data Service Integrator ;\n- AquaLogic Data Services Platform;\n- JRockit.\n\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance pour\ncertaines.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2009-1006",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1006"
},
{
"name": "CVE-2009-0991",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0991"
},
{
"name": "CVE-2009-0982",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0982"
},
{
"name": "CVE-2009-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0980"
},
{
"name": "CVE-2009-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0973"
},
{
"name": "CVE-2009-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0986"
},
{
"name": "CVE-2009-1004",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1004"
},
{
"name": "CVE-2009-1000",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1000"
},
{
"name": "CVE-2009-0995",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0995"
},
{
"name": "CVE-2009-0978",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0978"
},
{
"name": "CVE-2009-1003",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1003"
},
{
"name": "CVE-2009-1005",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1005"
},
{
"name": "CVE-2009-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0994"
},
{
"name": "CVE-2009-1001",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1001"
},
{
"name": "CVE-2009-1013",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1013"
},
{
"name": "CVE-2009-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0975"
},
{
"name": "CVE-2009-0997",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0997"
},
{
"name": "CVE-2009-0993",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0993"
},
{
"name": "CVE-2009-1014",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1014"
},
{
"name": "CVE-2009-0972",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0972"
},
{
"name": "CVE-2009-0992",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0992"
},
{
"name": "CVE-2009-1010",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1010"
},
{
"name": "CVE-2009-0999",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0999"
},
{
"name": "CVE-2009-0974",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0974"
},
{
"name": "CVE-2009-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0989"
},
{
"name": "CVE-2009-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0996"
},
{
"name": "CVE-2009-0977",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0977"
},
{
"name": "CVE-2009-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0985"
},
{
"name": "CVE-2009-1008",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1008"
},
{
"name": "CVE-2009-0987",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0987"
},
{
"name": "CVE-2009-1017",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1017"
},
{
"name": "CVE-2009-0984",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0984"
},
{
"name": "CVE-2009-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1002"
},
{
"name": "CVE-2009-0983",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0983"
},
{
"name": "CVE-2009-0976",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0976"
},
{
"name": "CVE-2009-1016",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1016"
},
{
"name": "CVE-2009-1011",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1011"
},
{
"name": "CVE-2009-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0988"
},
{
"name": "CVE-2009-1012",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1012"
},
{
"name": "CVE-2009-0979",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0979"
},
{
"name": "CVE-2009-0998",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0998"
},
{
"name": "CVE-2009-1009",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1009"
},
{
"name": "CVE-2009-0981",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0981"
},
{
"name": "CVE-2009-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0990"
}
],
"links": [],
"reference": "CERTA-2009-AVI-154",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet de r\u00e9aliser diverses\nactions malveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 avril 2009",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2009.html"
}
]
}
CERTA-2009-AVI-013
Vulnerability from certfr_avis - Published: - Updated:
Several vulnerabilities affect Oracle products. They allow a malicious user to compromise the integrity, confidentiality or availability of data.
Description
- Eight vulnerabilities, remotely exploitable after authentication, affect the databases (Oracle Database). They allow the integrity, confidentiality or availability of data to be compromised;
- two vulnerabilities affect SQL*Plus clients and allow the confidentiality of data to be compromised;
- nine vulnerabilities, remotely exploitable without authentication, concern Oracle Secure Backup. Four of them allow only a denial of service. The others additionally compromise the integrity and confidentiality of data;
- one vulnerability affects the in-memory database, Oracle TimesTen In-Memory Database. It allows the integrity, confidentiality and availability of data to be compromised;
- four vulnerabilities, three of which are exploitable without authentication, affect Oracle Application Server. They allow the confidentiality or integrity of data to be compromised. Three of them are remotely exploitable;
- one vulnerability in Oracle Collaboration Suite allows an authenticated user to remotely read data without authorization;
- four vulnerabilities, one of which is exploitable without authentication, are present in Oracle E-business Suite. They allow the confidentiality or integrity of data to be compromised. Three of them are remotely exploitable;
- one vulnerability concerns Oracle Enterprise Manager Grid Control. It allows an authenticated user to remotely access data;
- five vulnerabilities are present in PeopleSoft. They allow an authenticated user to remotely compromise the integrity, confidentiality or availability of data;
- one vulnerability in JD Edwards Tools allows an authenticated user to remotely read data without authorization;
- four vulnerabilities, remotely exploitable without authentication, affect Oracle WebLogic Server. They allow the confidentiality or integrity of data to be compromised;
- one vulnerability, remotely exploitable without authentication, affects Oracle WebLogic Portal. It allows the confidentiality and integrity of data to be compromised.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | N/A | Oracle Enterprise Manager Grid Control 10g |
| Oracle | N/A | Oracle Application Server 10g |
| Oracle | N/A | Oracle E-business Suite 11i and 12 |
| Oracle | PeopleSoft | PeopleSoft Enterprise HRMS |
| Oracle | N/A | Oracle SQL*Plus client |
| Oracle | Weblogic | Oracle WebLogic Server, versions 7.x to 10.x |
| Oracle | N/A | Oracle Database 9i, 10g and 11g |
| Oracle | N/A | Oracle Secure Backup version 10.x |
| Oracle | N/A | JD Edwards Tools |
| Oracle | N/A | Oracle TimesTen In-Memory Database version 7.x |
| Oracle | Weblogic | Oracle WebLogic Portal, versions 8.x to 10.x |
| Oracle | N/A | Oracle Collaboration Suite 10g |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Enterprise Manager Grid Control 10g ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Server 10g ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-business Suite 11i et 12 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Peoplesoft Enterprise HRMS ;",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Client Oracle SQL*Plus ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server, versions 7.x \u00e0 10. x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 9i, 10g et 11g ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Secure Backup version 10.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "JD Edwards Tools ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle TimesTen In-Memory Database version 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Portal, versions 8.x \u00e0 10. x.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Collaboration Suite 10g ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\n- Huit vuln\u00e9rabilit\u00e9s, exploitables \u00e0 distance apr\u00e8s authentification,\n affectent les bases de donn\u00e9es (Oracle Database). Elles permettent\n de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9, \u00e0 la confidentialit\u00e9 ou \u00e0 la\n disponibilit\u00e9 des donn\u00e9es ;\n- deux vuln\u00e9rabilit\u00e9s affectent les clients SQL\\*Plus et permettent de\n porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ;\n- neuf vuln\u00e9rabilit\u00e9s, exploitables \u00e0 distance sans authentification,\n concernent Oracle Secure Backup. Quatre d\u0027entre elles ne permettent\n qu\u0027un d\u00e9ni de service. Les autres portent en plus atteinte \u00e0\n l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9 des donn\u00e9es ;\n- une vuln\u00e9rabilit\u00e9 affecte la base de donn\u00e9es r\u00e9sidente en m\u00e9moire,\n Oracle TimesTen In-Memory Database. Elle permet de porter atteinte \u00e0\n l\u0027int\u00e9grit\u00e9, \u00e0 la confidentialit\u00e9 et \u00e0 la disponibilit\u00e9 des donn\u00e9es\n ;\n- quatre vuln\u00e9rabilit\u00e9s, dont trois sont exploitables sans\n authentification, affectent Oracle Application Server. Elles\n permettent de porter atteinte \u00e0 la confidentialit\u00e9 ou \u00e0 l\u0027int\u00e9grit\u00e9\n des donn\u00e9es. Trois d\u0027entre elles sont exploitables \u00e0 distance ;\n- une vuln\u00e9rabilit\u00e9 de Oracle Collaboration Suite permet, \u00e0 distance,\n \u00e0 un utilisateur authentifi\u00e9 de lire ind\u00fbment des donn\u00e9es ;\n- quatre vuln\u00e9rabilit\u00e9s, dont une est exploitable sans\n authentification, sont pr\u00e9sentes dans Oracle E-business Suite. Elles\n permettent de porter atteinte \u00e0 la confidentialit\u00e9 ou \u00e0 l\u0027int\u00e9grit\u00e9\n des donn\u00e9es. 
Trois d\u0027entre elles sont exploitables \u00e0 distance ;\n- une vuln\u00e9rabilit\u00e9 concerne Oracle Enterprise Manager Grid Control.\n Elle permet \u00e0 un utilisateur authentifi\u00e9 d\u0027acc\u00e9der \u00e0 distance \u00e0 des\n donn\u00e9es ;\n- cinq vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans PeopleSoft. Elles permettent\n \u00e0 un utilisateur authentifi\u00e9 de porter atteinte, \u00e0 distance, \u00e0\n l\u0027int\u00e9grit\u00e9, \u00e0 la confidentialit\u00e9 ou \u00e0 la disponibilit\u00e9 des donn\u00e9es\n ;\n- une vuln\u00e9rabilit\u00e9 de JD Edwards Tools permet \u00e0 un utilisateur\n authentifi\u00e9 de lire ind\u00fbment des donn\u00e9es, \u00e0 distance ;\n- quatre vuln\u00e9rabilit\u00e9s, exploitables \u00e0 distance et sans\n authentification, affectent Oracle WebLogic Server. Elles permettent\n de porter atteinte \u00e0 la confidentialit\u00e9 ou \u00e0 l\u0027int\u00e9grit\u00e9 des\n donn\u00e9es.\n- une vuln\u00e9rabilit\u00e9, exploitable \u00e0 distance et sans authentification,\n affecte Oracle WebLogic Portal. Elle permet de porter atteinte \u00e0 la\n confidentialit\u00e9 et \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3999"
},
{
"name": "CVE-2008-4015",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4015"
},
{
"name": "CVE-2008-5445",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5445"
},
{
"name": "CVE-2008-5459",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5459"
},
{
"name": "CVE-2008-4014",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4014"
},
{
"name": "CVE-2008-5460",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5460"
},
{
"name": "CVE-2008-4007",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4007"
},
{
"name": "CVE-2008-5457",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5457"
},
{
"name": "CVE-2008-5454",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5454"
},
{
"name": "CVE-2008-5458",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5458"
},
{
"name": "CVE-2008-2623",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2623"
},
{
"name": "CVE-2008-5436",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5436"
},
{
"name": "CVE-2008-5451",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5451"
},
{
"name": "CVE-2008-5438",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5438"
},
{
"name": "CVE-2008-5443",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5443"
},
{
"name": "CVE-2008-5442",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5442"
},
{
"name": "CVE-2008-3981",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3981"
},
{
"name": "CVE-2008-3978",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3978"
},
{
"name": "CVE-2008-5437",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5437"
},
{
"name": "CVE-2008-5455",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5455"
},
{
"name": "CVE-2008-5439",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5439"
},
{
"name": "CVE-2008-5444",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5444"
},
{
"name": "CVE-2008-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4016"
},
{
"name": "CVE-2008-5447",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5447"
},
{
"name": "CVE-2008-5463",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5463"
},
{
"name": "CVE-2008-3974",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3974"
},
{
"name": "CVE-2008-5450",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5450"
},
{
"name": "CVE-2008-5446",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5446"
},
{
"name": "CVE-2008-3997",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3997"
},
{
"name": "CVE-2008-5462",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5462"
},
{
"name": "CVE-2008-5440",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5440"
},
{
"name": "CVE-2008-3979",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3979"
},
{
"name": "CVE-2008-5456",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5456"
},
{
"name": "CVE-2008-4006",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4006"
},
{
"name": "CVE-2008-3973",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3973"
},
{
"name": "CVE-2008-5452",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5452"
},
{
"name": "CVE-2008-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5461"
},
{
"name": "CVE-2008-5448",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5448"
},
{
"name": "CVE-2008-4017",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4017"
},
{
"name": "CVE-2008-5449",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5449"
},
{
"name": "CVE-2008-5441",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5441"
}
],
"links": [],
"reference": "CERTA-2009-AVI-013",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2009-01-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent les produits Oracle. Elles permettent\n\u00e0 un utilisateur malveillant de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9, \u00e0 la\nconfidentialit\u00e9 ou \u00e0 la disponibilit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9s des produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 13 janvier 2009",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html"
}
]
}
CERTA-2008-AVI-508
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Oracle products and certain third-party products.
Description
Numerous vulnerabilities have been fixed in Oracle products and certain third-party products. Exploiting them could allow a remote malicious person to compromise the confidentiality of data, cause a denial of service and/or execute arbitrary code.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Weblogic | Oracle Application Server 10g |
| Oracle | Weblogic | BEA WorkShop for WebLogic 9.x |
| Oracle | Weblogic | Oracle PeopleSoft Enterprise Portal Solutions 8.x |
| Oracle | Weblogic | Oracle Database 10.x |
| Oracle | Weblogic | BEA WebLogic Server 7.x |
| Oracle | Weblogic | PeopleSoft PeopleTools 8.x |
| Oracle | Weblogic | BEA WebLogic Server 10.x |
| Oracle | Weblogic | Oracle 9i Database Standard Edition |
| Oracle | Weblogic | Oracle Database 11.x |
| Oracle | Weblogic | BEA WebLogic Workshop 8.x |
| Oracle | Weblogic | Oracle 9i Database Enterprise Edition |
| Oracle | Weblogic | Oracle E-Business Suite 11i |
| Oracle | Weblogic | JD Edwards EnterpriseOne Tools 8.x |
| Oracle | Weblogic | BEA WorkShop for WebLogic 10.x |
| Oracle | Weblogic | BEA WebLogic Server 6.x |
| Oracle | Weblogic | BEA WebLogic Server 9.x |
| Oracle | Weblogic | BEA WebLogic Server 8.x |
| Oracle | Weblogic | Oracle E-Business Suite 12.x |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Application Server 10g ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WorkShop for WebLogic 9.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft Enterprise Portal Solutions 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 10.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 7.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Peoplesoft PeopleTools 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 10.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle 9i Database Standard Edition ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Workshop 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle 9i Database Enterprise Edition ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite 11i ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "JD Edwards EntrepriseOne Tools 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WorkShop for WebLogic 10.x.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 6.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 9.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-Business Suite 12.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\net certains produits tiers. L\u0027exploitation de celles-ci pourraient\npermettre \u00e0 une personne malintentionn\u00e9e distante de porter atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es, d\u0027effectuer un d\u00e9ni de service et/ou\nd\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3991"
},
{
"name": "CVE-2008-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4008"
},
{
"name": "CVE-2008-4003",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4003"
},
{
"name": "CVE-2008-3977",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3977"
},
{
"name": "CVE-2008-4002",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4002"
},
{
"name": "CVE-2008-3988",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3988"
},
{
"name": "CVE-2008-4013",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4013"
},
{
"name": "CVE-2008-4005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4005"
},
{
"name": "CVE-2008-3985",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3985"
},
{
"name": "CVE-2008-2624",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2624"
},
{
"name": "CVE-2008-3975",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3975"
},
{
"name": "CVE-2008-2625",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2625"
},
{
"name": "CVE-2008-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4009"
},
{
"name": "CVE-2008-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3995"
},
{
"name": "CVE-2008-4010",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4010"
},
{
"name": "CVE-2008-4012",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4012"
},
{
"name": "CVE-2008-3989",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3989"
},
{
"name": "CVE-2008-3986",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3986"
},
{
"name": "CVE-2008-3982",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3982"
},
{
"name": "CVE-2008-2619",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2619"
},
{
"name": "CVE-2008-3993",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3993"
},
{
"name": "CVE-2008-3980",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3980"
},
{
"name": "CVE-2008-3996",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3996"
},
{
"name": "CVE-2008-4001",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4001"
},
{
"name": "CVE-2008-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4004"
},
{
"name": "CVE-2008-3987",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3987"
},
{
"name": "CVE-2008-3998",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3998"
},
{
"name": "CVE-2008-3994",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3994"
},
{
"name": "CVE-2008-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2588"
},
{
"name": "CVE-2008-3983",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3983"
},
{
"name": "CVE-2008-3984",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3984"
},
{
"name": "CVE-2008-3976",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3976"
},
{
"name": "CVE-2008-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3990"
},
{
"name": "CVE-2008-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4000"
},
{
"name": "CVE-2008-3992",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3992"
},
{
"name": "CVE-2008-4011",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4011"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 14 octobre 2008 :",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html"
}
],
"reference": "CERTA-2008-AVI-508",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits Oracle\net certains produits tiers.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans les produits Oracle et WebLogic",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin Oracle du 14 octobre 2008",
"url": null
}
]
}
CERTA-2008-AVI-367
Vulnerability from certfr_avis - Published: - Updated:
Numerous vulnerabilities affect Oracle products. Exploiting some of them allows a malicious user to execute arbitrary code remotely.
Description
Eleven vulnerabilities affect Oracle Database. Two are exploitable locally. Remote exploitation of the other nine requires prior authentication. A malicious user exploiting these vulnerabilities can execute arbitrary code remotely or gain improper access to data.
Three vulnerabilities concern Oracle TimesTen in-Memory Database. Exploiting them allows a malicious user to cause a remote denial of service without requiring authentication.
Nine vulnerabilities affect Oracle Application Server. They allow an unauthenticated malicious user to cause a remote denial of service, or to modify or read data illegitimately.
Six vulnerabilities in E-Business Suite allow the confidentiality or integrity of data to be compromised.
Two vulnerabilities affect Oracle Enterprise Manager. Exploiting them allows a malicious user to compromise data integrity remotely.
Seven vulnerabilities in Oracle PeopleSoft products allow a malicious user with a valid session to cause a remote denial of service, or to modify or read data improperly.
Seven vulnerabilities are present in Oracle WebLogic servers: four are exploitable remotely without authentication, one with authentication, and two locally. They allow a malicious user to cause a remote denial of service, or to modify or read data.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Weblogic | Oracle Application Server 10g |
| Oracle | Weblogic | Oracle Hyperion Performance Suite 8.x |
| Oracle | Weblogic | Oracle E-Business Suite 12 and 11i |
| Oracle | Weblogic | Oracle PeopleSoft Enterprise CRM 8.x and 9.x |
| Oracle | Weblogic | Oracle Hyperion Bi Plus 9.x |
| Oracle | Weblogic | Oracle Weblogic Server 6, 7, 8, 9 and 10.x |
| Oracle | Weblogic | Oracle Database 11g, 10g and 9i |
| Oracle | Weblogic | Oracle Enterprise Manager Grid Control 10g |
| Oracle | Weblogic | Oracle PeopleSoft Enterprise PeopleTools 8.x |
| Oracle | Weblogic | Oracle Enterprise Manager Database Control 11 and 10g |
| Oracle | Weblogic | Oracle TimesTen in-Memory Database |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Application Server 10g ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Hyperion Performance Suite 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle E-business Suite 12 et 11i ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft Entreprise CRM 8.x et 9.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Hyperion Bi Plus 9.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Weblogic Server 6, 7,8,9 et 10.x.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 11g, 10g et 9i ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Grid Control 10g ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft Entreprise PeopleTools 8.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Enterprise Manager Database Control 11 et 10g ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle TimesTen in-Memory Database ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nOnze vuln\u00e9rabilit\u00e9s affectent les bases de donn\u00e9es Oracle Database. Deux\nsont exploitables localement. L\u0027exploitation \u00e0 distance des neuf autres\ndemande une authentification pr\u00e9alable. Un utilisateur malveillant\nexploitant ces vuln\u00e9rabilit\u00e9s peut ex\u00e9cuter du code arbitraire \u00e0\ndistance ou acc\u00e9der ind\u00fbment aux donn\u00e9es.\n\nTrois vuln\u00e9rabilit\u00e9s concernent Oracle TimesTen in-Memory Database. Leur\nexploitation permet \u00e0 un utilisateur malveillant de provoquer un d\u00e9ni de\nservice \u00e0 distance, sans requ\u00e9rir d\u0027authentification.\n\nNeuf vuln\u00e9rabilit\u00e9s affectent Oracle Application Server. Elle permettent\n\u00e0 un utilisateur malveillant non authentifi\u00e9 de provoquer un d\u00e9ni de\nservice \u00e0 distance, de modifier ou de lire des donn\u00e9es de mani\u00e8re\nill\u00e9gitime.\n\nSix vuln\u00e9rabilit\u00e9s de E-businees Suite permettent de porter atteinte \u00e0\nla confidentialit\u00e9 ou \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n\nDeux vuln\u00e9rabilit\u00e9s affectent Oracle Enterprise Manager. Leur\nexploitation permet \u00e0 un utilisateur malveillant de porter atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, \u00e0 distance.\n\nSept vuln\u00e9rabilit\u00e9s dans les produits Oracle PeopleSoft permettent \u00e0 un\nutilisateur malveillant disposant d\u0027une session valide de provoquer un\nd\u00e9ni de service \u00e0 distance, de modifier ou de lire ind\u00fbment des donn\u00e9es.\n\nSept vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans les serveurs Oracle WebLogic,\ndont quatre sont exploitables \u00e0 distance sans authentification, une avec\nauthentification et deux localement. Elles permettent \u00e0 un utilisateur\nmalveillant de provoquer un d\u00e9ni de service \u00e0 distance, de modifier ou\nde lire des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-2621",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2621"
},
{
"name": "CVE-2008-2592",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2592"
},
{
"name": "CVE-2008-2577",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2577"
},
{
"name": "CVE-2008-2608",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2608"
},
{
"name": "CVE-2008-2607",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2607"
},
{
"name": "CVE-2008-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2597"
},
{
"name": "CVE-2008-2612",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2612"
},
{
"name": "CVE-2008-2606",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2606"
},
{
"name": "CVE-2008-2617",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2617"
},
{
"name": "CVE-2008-2605",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2605"
},
{
"name": "CVE-2008-2616",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2616"
},
{
"name": "CVE-2008-2578",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2578"
},
{
"name": "CVE-2008-2586",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2586"
},
{
"name": "CVE-2008-2602",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2602"
},
{
"name": "CVE-2008-2598",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2598"
},
{
"name": "CVE-2008-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2596"
},
{
"name": "CVE-2008-2590",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2590"
},
{
"name": "CVE-2008-2582",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2582"
},
{
"name": "CVE-2008-2610",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2610"
},
{
"name": "CVE-2008-2587",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2587"
},
{
"name": "CVE-2008-2583",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2583"
},
{
"name": "CVE-2008-2594",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2594"
},
{
"name": "CVE-2008-2611",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2611"
},
{
"name": "CVE-2008-2609",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2609"
},
{
"name": "CVE-2008-2595",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2595"
},
{
"name": "CVE-2008-2615",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2615"
},
{
"name": "CVE-2008-2580",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2580"
},
{
"name": "CVE-2008-2614",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2614"
},
{
"name": "CVE-2008-2593",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2593"
},
{
"name": "CVE-2008-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2581"
},
{
"name": "CVE-2008-2613",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2613"
},
{
"name": "CVE-2008-2585",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2585"
},
{
"name": "CVE-2008-2600",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2600"
},
{
"name": "CVE-2008-2604",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2604"
},
{
"name": "CVE-2008-2576",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2576"
},
{
"name": "CVE-2008-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2620"
},
{
"name": "CVE-2008-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2588"
},
{
"name": "CVE-2007-1359",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1359"
},
{
"name": "CVE-2008-2584",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2584"
},
{
"name": "CVE-2008-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2603"
},
{
"name": "CVE-2008-2618",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2618"
},
{
"name": "CVE-2008-2589",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2589"
},
{
"name": "CVE-2008-2599",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2599"
},
{
"name": "CVE-2008-2591",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2591"
},
{
"name": "CVE-2008-2601",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2601"
},
{
"name": "CVE-2008-2622",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2622"
},
{
"name": "CVE-2008-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2579"
}
],
"links": [
{
"title": "Bulletin de mise \u00e0 jour Oracle du 14 juillet 2008 :",
"url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html"
}
],
"reference": "CERTA-2008-AVI-367",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s affectent les produits \u003cspan\nclass=\"textit\"\u003eOracle\u003c/span\u003e. L\u0027exploitation de certaines d\u0027entre elles\npermet \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle et Weblogic",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin Oracle du 14 juillet 2008",
"url": null
}
]
}
CERTA-2008-AVI-099
Vulnerability from certfr_avis - Published: - Updated:
Numerous vulnerabilities affect BEA Weblogic products. Exploiting them allows a malicious user to execute arbitrary code remotely or to compromise the integrity or confidentiality of data.
Description
Numerous vulnerabilities affect BEA Weblogic products:
- an error in the handling of requests by HttpProxyServlet and HttpClusterServlet allows a user to obtain administrative rights on the server, under certain conditions;
- unspecified errors allow cross-site scripting against the user's workstation;
- an error in the administration console allows cross-site scripting against an administrator's workstation;
- unspecified errors allow the security policy to be bypassed, in particular to access unauthorized servlets;
- a session management problem allows a user's session to be hijacked;
- an error in the handling of HTTPS sessions can lead to a redirection to HTTP;
- a flaw in account lockout allows a malicious user to carry out an exhaustive password search;
- the protection of database passwords is insufficient. This weakness can only be exploited if RDBMS Authentication is used.
Solution
Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Oracle | Weblogic | BEA Weblogic Workshop, version 8 |
| Oracle | Weblogic | BEA Workshop for Weblogic, versions 9.x and 10.x |
| Oracle | Weblogic | BEA Weblogic Express, versions 6.x to 10.x |
| Oracle | Weblogic | BEA Weblogic Server, versions 6.x to 10.x |
| Oracle | Weblogic | BEA Weblogic Portal, versions 8.x to 10.x |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BEA Weblogic Workshop, versions 8 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA Workshop for Weblogic , versions 9.x et 10.x.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA Weblogic Express, versions 6.x \u00e0 10.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA Weblogic Server, versions 6.x \u00e0 10.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA Weblogic Portal, versions 8.x \u00e0 10.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s affectent les produits BEA Weblogic :\n\n- une erreur de traitement des requ\u00eates par HttpProxyServlet et\n HttpClusterServlet permet \u00e0 un utilisateur d\u0027obtenir des droits\n d\u0027administration sur le serveur, dans certaines conditions ;\n- des erreurs non pr\u00e9cis\u00e9es permettent de r\u00e9aliser de l\u0027injection de\n code indirecte (cross site scripting) sur le poste de l\u0027utilisateur\n ;\n- une erreur dans la console d\u0027administration permet de r\u00e9aliser de\n l\u0027injection de code indirecte (cross site scripting) sur le poste\n d\u0027un administrateur ;\n- des erreurs non pr\u00e9cis\u00e9es permettent de contourner la politique de\n s\u00e9curit\u00e9, en particulier d\u0027acc\u00e9der \u00e0 des servlettes non autoris\u00e9es ;\n- un probl\u00e8me de gestion des sessions permet de d\u00e9tourner la session\n d\u0027un utilisateur ;\n- une erreur dans la gestion des sessions HTTPS peut conduire \u00e0 une\n redirection en HTTP ;\n- un d\u00e9faut de verrouillage des comptes permet \u00e0 un utilisateur\n malveillant de proc\u00e9der \u00e0 une recherche exhaustive de mots de passe\n ;\n- la protection des mots de passe de bases de donn\u00e9es est\n insuffisante. L\u0027exploitation de cette faiblesse n\u0027est possible que\n si RDBMS Authentification est utilis\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/264"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/257"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/275"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/268"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/273"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/262"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/266"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/258"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/270"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/263"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/274"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/267"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/271"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/256"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/269"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 BEA 256 \u00e0 275 :",
"url": "http://dev2dev.bea.com/pub/advisory/261"
}
],
"reference": "CERTA-2008-AVI-099",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-02-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De nombreuses vuln\u00e9rabilit\u00e9s affectent les produits \u003cspan\nclass=\"textit\"\u003eBEA Weblogic\u003c/span\u003e. Leur exploitation permet \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou de\nporter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 ou \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9s de BEA Weblogic",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 BEA 256 \u00e0 275",
"url": null
}
]
}
CERTA-2007-AVI-549
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability in WebLogic Mobility Server allows the security policy to be bypassed and data confidentiality to be compromised.
Description
A vulnerability has been discovered in the Image Converter feature of WebLogic Mobility Server. Exploiting this vulnerability allows a malicious user to download files to which they have no access rights.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebLogic Mobility Server version 3.3 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "WebLogic Mobility Server version 3.5 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "WebLogic Mobility Server version 3.6 et version 3.6 SP1.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans la fonctionnalit\u00e9 Image\nConverter de WebLogic Mobility Server. L\u0027exploitation de cette\nvuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur malintentionn\u00e9 de t\u00e9l\u00e9charger des\nfichiers pour lesquels il n\u0027a pas de droits d\u0027acc\u00e8s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-6384",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6384"
}
],
"links": [],
"reference": "CERTA-2007-AVI-549",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans \u003cspan class=\"textit\"\u003eWebLogic Mobility\nServer\u003c/span\u003e permet de contourner la politique de s\u00e9curit\u00e9 et\nd\u0027atteindre \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans BEA WebLogic Mobility Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BEA BEA07-182.00",
"url": "http://dev2dev.bea.com/pub/advisory/255"
}
]
}
CERTA-2007-AVI-385
Vulnerability from certfr_avis - Published: - Updated:
Several vulnerabilities affect BEA Weblogic products and allow a malicious user to access sensitive data or cause a remote denial of service.
Description
BEA Weblogic is a Java (J2EE) application server.
Several vulnerabilities affect BEA Weblogic products:
- two vulnerabilities in the negotiation of the encryption algorithms used for an SSL session can cause the null algorithm to be used. Data is then transmitted in cleartext and is accessible to a malicious user;
- specific requests allow a malicious user to block the server's threads, and therefore to cause a remote denial of service;
- requests with malformed headers allow a malicious user to exhaust the server's disk resources, and therefore to cause a remote denial of service.
Solution
Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BEA Weblogic Express, versions 6.x, 7.x, 8.x et 9.x.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA Weblogic Server, versions 6.x, 7.x, 8.x, 9.x et 10.x ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nLe logiciel BEA Weblogic est un serveur d\u0027applications Java (J2EE).\n\nPlusieurs vuln\u00e9rabilit\u00e9s affectent les produits BEA Weblogic :\n\n- deux vuln\u00e9rabilit\u00e9s dans la n\u00e9gociation des algorithmes de\n chiffrement utilis\u00e9s pour une session SSL peuvent provoquer\n l\u0027utilisation de l\u0027algorithme null. Les donn\u00e9es sont alors\n transmises en clair et accessibles \u00e0 un utilisateur malveillant ;\n- des requ\u00eates particuli\u00e8res permettent \u00e0 un utilisateur malveillant\n de bloquer les fils (threads) du serveur, donc de provoquer un d\u00e9ni\n de service \u00e0 distance ;\n- des requ\u00eates avec des en-t\u00eates malform\u00e9s permettent \u00e0 un utilisateur\n malveillant d\u0027\u00e9puiser les ressources disque du serveur, donc de\n provoquer un d\u00e9ni de service \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletins de s\u00e9curit\u00e9 de BEA :",
"url": "http://dev2dev.bea.com/pub/advisory/246"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 de BEA :",
"url": "http://dev2dev.bea.com/pub/advisory/244"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 de BEA :",
"url": "http://dev2dev.bea.com/pub/advisory/247"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 de BEA :",
"url": "http://dev2dev.bea.com/pub/advisory/245"
}
],
"reference": "CERTA-2007-AVI-385",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-08-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectent les produits \u003cspan class=\"textit\"\u003eBEA\nWeblogic\u003c/span\u003e et permettent \u00e0 un utilisateur malveillant d\u0027acc\u00e9der \u00e0\ndes donn\u00e9es sensibles ou de provoquer un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de BEA Weblogic",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 de \u003cSPAN class=\"textit\"\u003eBEA\u003c/SPAN\u003e",
"url": null
}
]
}
CERTA-2007-AVI-044
Vulnerability from certfr_avis - Published: - Updated:
Several vulnerabilities have been identified in BEA WebLogic products. They would allow a malicious person to bypass the security policy in various ways.
Description
Several vulnerabilities have been identified in BEA WebLogic products. 23 are listed on the vendor's site. Among them:
- the service for starting and stopping the server by users with the Admin and Operator roles is reportedly not sufficiently controlled;
- sites could, under certain conditions, disclose contextual information about the internal network, such as the NAT configuration or the IP addresses of machines or of the DNS server;
- SSL confidentiality could be bypassed by a remote user in order to recover data in cleartext;
- client certificates are reportedly not validated correctly when connections are cached by the server;
- the WebLogic Server module for Apache reportedly does not handle certain errors correctly, which can interrupt the Apache service;
- HTTP requests are reportedly not checked correctly; a malicious person could therefore send specially crafted packets in order to recover data from previous HTTP requests;
- etc.
Solution
Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "BEA WebLogic Server et WebLogic Express version 7.0, ayant une mise \u00e0 jour ant\u00e9rieure au Service Pack 7.",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "BEA WebLogic Server et WebLogic Express version 8.1, ayant une mise \u00e0 jour ant\u00e9rieure au Service Pack 5 ;",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits BEA\nWebLogic. 23 sont cit\u00e9es sur le site de l\u0027\u00e9diteur. Parmi celles-ci :\n\n- le service de d\u00e9marrage et d\u0027arr\u00eat du serveur par les utilisateurs\n ayant un r\u00f4le Admin et Operator ne serait pas suffisamment contr\u00f4l\u00e9\n ;\n- les sites pourraient, sous certaines conditions, diffuser de\n l\u0027information contextuelle concernant le r\u00e9seau interne, tels la\n configuration du NAT, les adresses IPs des machines ou du serveur\n DNS ;\n- la confidentialit\u00e9 SSL pourrait \u00eatre contourn\u00e9e par un utilisateur\n distant, afin de r\u00e9cup\u00e9rer des donn\u00e9es en clair ;\n- les certificats clients ne seraient pas correctement valid\u00e9s,\n lorsque les connexions sont mises en cache par le serveur ;\n- le module de WebLogic Server pour Apache ne manipulerait pas\n correctement certaines erreurs, pouvant provoquer l\u0027interruption du\n service Apache ;\n- les requ\u00eates HTTP ne seraient pas v\u00e9rifi\u00e9es de mani\u00e8re correcte ;\n une personne malveillante pourrait donc envoyer des paquets\n sp\u00e9cialement construits, afin de r\u00e9cup\u00e9rer des donn\u00e9es de requ\u00eates\n HTTP pr\u00e9c\u00e9dentes ;\n- etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-0426",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0426"
},
{
"name": "CVE-2007-0416",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0416"
},
{
"name": "CVE-2007-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0411"
},
{
"name": "CVE-2007-0424",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0424"
},
{
"name": "CVE-2007-0408",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0408"
},
{
"name": "CVE-2007-0420",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0420"
},
{
"name": "CVE-2007-0413",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0413"
},
{
"name": "CVE-2007-0418",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0418"
},
{
"name": "CVE-2007-0410",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0410"
},
{
"name": "CVE-2007-0414",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0414"
},
{
"name": "CVE-2007-0412",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0412"
},
{
"name": "CVE-2007-0422",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0422"
},
{
"name": "CVE-2007-0415",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0415"
},
{
"name": "CVE-2007-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0421"
},
{
"name": "CVE-2007-0425",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0425"
},
{
"name": "CVE-2007-0409",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0409"
},
{
"name": "CVE-2007-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0417"
},
{
"name": "CVE-2007-0419",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0419"
},
{
"name": "CVE-2007-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0423"
}
],
"links": [],
"reference": "CERTA-2007-AVI-044",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits BEA\nWebLogic. Ils permettraient \u00e0 une personne malveillante de contourner de\ndiverses mani\u00e8res la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s de BEA WebLogic",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 BEA du 16 janvier 2007",
"url": "http://dev2dev.bea.com/advisoriesnotifications/index.html"
}
]
}