cnvd - cnvd-2016-00686

cnvd-2016-00686

Vulnerability from cnvd

Title: Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC组件拒绝服务漏洞（CNVD-2016-00686）

Description:

Oracle JD Edwards EnterpriseOne是全面集成的企业资源计划软件套件,它将业务价值、基于标准的技术和深厚的行业经验融入到一个低TCO的业务解决方案中。

Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC组件存在未明安全漏洞，允许远程攻击者利用漏洞进行拒绝服务攻击，访问数据，修改数据。

Severity: 高

Patch Name: Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC组件拒绝服务漏洞（CNVD-2016-00686）的补丁

Patch Description:

Oracle JD Edwards EnterpriseOne是全面集成的企业资源计划软件套件,它将业务价值、基于标准的技术和深厚的行业经验融入到一个低TCO的业务解决方案中。

Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC组件存在未明安全漏洞，允许远程攻击者利用漏洞进行拒绝服务攻击，访问数据，修改数据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Reference: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Impacted products

Name
['Oracle JD Edwards EnterpriseOne Tools 9.1', 'Oracle JD Edwards EnterpriseOne Tools 9.2']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-0423"
    }
  },
  "description": "Oracle JD Edwards EnterpriseOne\u662f\u5168\u9762\u96c6\u6210\u7684\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u8f6f\u4ef6\u5957\u4ef6,\u5b83\u5c06\u4e1a\u52a1\u4ef7\u503c\u3001\u57fa\u4e8e\u6807\u51c6\u7684\u6280\u672f\u548c\u6df1\u539a\u7684\u884c\u4e1a\u7ecf\u9a8c\u878d\u5165\u5230\u4e00\u4e2a\u4f4eTCO\u7684\u4e1a\u52a1\u89e3\u51b3\u65b9\u6848\u4e2d\u3002\r\n\r\nOracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff0c\u8bbf\u95ee\u6570\u636e\uff0c\u4fee\u6539\u6570\u636e\u3002",
  "discovererName": "Oracle",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00686",
  "openTime": "2016-01-29",
  "patchDescription": "Oracle JD Edwards EnterpriseOne\u662f\u5168\u9762\u96c6\u6210\u7684\u4f01\u4e1a\u8d44\u6e90\u8ba1\u5212\u8f6f\u4ef6\u5957\u4ef6,\u5b83\u5c06\u4e1a\u52a1\u4ef7\u503c\u3001\u57fa\u4e8e\u6807\u51c6\u7684\u6280\u672f\u548c\u6df1\u539a\u7684\u884c\u4e1a\u7ecf\u9a8c\u878d\u5165\u5230\u4e00\u4e2a\u4f4eTCO\u7684\u4e1a\u52a1\u89e3\u51b3\u65b9\u6848\u4e2d\u3002\r\n\r\nOracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC\u7ec4\u4ef6\u5b58\u5728\u672a\u660e\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff0c\u8bbf\u95ee\u6570\u636e\uff0c\u4fee\u6539\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC\u7ec4\u4ef6\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-00686\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Oracle JD Edwards EnterpriseOne Tools 9.1",
      "Oracle JD Edwards EnterpriseOne Tools 9.2"
    ]
  },
  "referenceLink": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-01-23",
  "title": "Oracle JD Edwards EnterpriseOne Tools Enterprise Infrastructure SEC\u7ec4\u4ef6\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2016-00686\uff09"
}

CVE-2016-0423 (GCVE-0-2016-0423)

Vulnerability from cvelistv5

Published

2016-01-21 02:00

Modified

2024-08-05 22:15

Severity ?

CWE

Summary

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Enterprise Infrastructure SEC.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1034722	vdb-entry, x_refsource_SECTRACK
	http://packetstormsecurity.com/files/138512/JD-Edwards-9.1-EnterpriseOne-Server-JDENET-Denial-Of-Service.html	x_refsource_MISC
	http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html	x_refsource_CONFIRM
	https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-end-file-dos	x_refsource_MISC
	http://seclists.org/fulldisclosure/2016/Aug/128	mailing-list, x_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:24.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034722",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034722"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/138512/JD-Edwards-9.1-EnterpriseOne-Server-JDENET-Denial-Of-Service.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-end-file-dos"
          },
          {
            "name": "20160825 Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/Aug/128"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Enterprise Infrastructure SEC."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-19T18:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "1034722",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034722"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/138512/JD-Edwards-9.1-EnterpriseOne-Server-JDENET-Denial-Of-Service.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-end-file-dos"
        },
        {
          "name": "20160825 Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/Aug/128"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2016-0423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Enterprise Infrastructure SEC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034722",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034722"
            },
            {
              "name": "http://packetstormsecurity.com/files/138512/JD-Edwards-9.1-EnterpriseOne-Server-JDENET-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/138512/JD-Edwards-9.1-EnterpriseOne-Server-JDENET-Denial-Of-Service.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
            },
            {
              "name": "https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-end-file-dos",
              "refsource": "MISC",
              "url": "https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-end-file-dos"
            },
            {
              "name": "20160825 Onapsis Security Advisory ONAPSIS-2016-014: JD Edwards JDENET function DoS",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/Aug/128"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2016-0423",
    "datePublished": "2016-01-21T02:00:00",
    "dateReserved": "2015-12-09T00:00:00",
    "dateUpdated": "2024-08-05T22:15:24.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted