Secunia Security Advisory - Multiple vulnerabilities have been reported in Oracle Fusion Middleware products, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, or cause a DoS (Denial of Service).
b00d7516e72946b916bb848469e83112a20dbefd58c089ab4f5e96fa9659e73f
----------------------------------------------------------------------
Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Oracle Fusion Middleware Products Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA39439
VERIFY ADVISORY:
http://secunia.com/advisories/39439/
DESCRIPTION:
Multiple vulnerabilities have been reported in Oracle Fusion
Middleware products, which can be exploited by malicious people to
disclose potentially sensitive information, manipulate certain data,
or cause a DoS (Denial of Service).
1) An error in the Oracle Internet Directory component can be
exploited to disclose or manipulate certain data.
2) Another error in the Oracle Internet Directory component can be
exploited to cause a DoS.
3) An error in the Portal component can be exploited to cause a DoS.
4) An error in the Portal component can be exploited to manipulate
certain data.
5) Another error in the Portal component can be exploited to
manipulate certain data.
The vulnerabilities are reported in the following products and
versions:
* Oracle Application Server 10gR2, version 10.1.2.3.0
* Oracle Identity Management 10g, version 10.1.4.0.1 and 10.1.4.3
NOTE: This CPU also includes a security fix for a previously reported
vulnerability in Oracle WebLogic Server.
For more information:
SA38473
SOLUTION:
Apply patches (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
It is currently unclear who reported these vulnerabilities as the
Oracle Critical Patch Update for April 2010 only provides a bundled
list of credits. This section will be updated when/if the original
reporter provides more information.
ORIGINAL ADVISORY:
Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
OTHER REFERENCES:
SA38473:
http://secunia.com/advisories/38473/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------