---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Oracle Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35776 VERIFY ADVISORY: http://secunia.com/advisories/35776/ DESCRIPTION: Some vulnerabilities and a security issue have been reported in various Oracle products. Some have unknown impacts, others can be exploited by malicious people to cause a DoS (Denial of Service), conduct spoofing attacks, disclose sensitive information, or compromise a vulnerable system. 1) Multiple vulnerabilities in JRockit can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. For more information: SA34451 2) A vulnerability in Oracle Complex Event Processing can be exploited to disclose sensitive information. For more information see vulnerability #1 in: SA34975 3) An error exists within the processing of certain XML Signature documents within Oracle WebLogic Server (Web Services Component) and Oracle Secure Development Toolkit/Oracle Web Services Manager. For more information, see security issue #4 in: SA34461 The remaining vulnerabilities are caused due to unspecified errors. No more information is currently available. The vulnerabilities are reported in the following products and versions: * Oracle Database 11g, version 11.1.0.6, 11.1.0.7 * Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 * Oracle Database 10g, version 10.1.0.5 * Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV * Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 * Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.3.0, 10.1.3.4.0 * Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.2.0, 10.1.4.3.0 * Oracle E-Business Suite Release 12, version 12.1 * Oracle E-Business Suite Release 12, version 12.0.6 * Oracle E-Business Suite Release 11i, version 11.5.10.2 * Oracle Enterprise Manager Database Control 11, version 11.1.0.6, 11.1.0.7 * Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4 * PeopleSoft Enterprise PeopleTools versions: 8.49 * PeopleSoft Enterprise HRMS versions: 8.9 and 9.0 * Siebel Highly Interactive Client versions: 7.5.3, 7.7.2, 7.8, 8.0, 8.1 * Oracle WebLogic Server 10.3, 10.0MP1 * Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3 * Oracle WebLogic Server 8.1 through 8.1 SP6 * Oracle WebLogic Server 7.0 through 7.0 SP7 * Oracle Complex Event Processing 10.3 and WebLogic Event Server 2.0 * Oracle JRockit R27.6.3 and earlier (JDK/JRE 6, 5, 1.4.2) * Oracle Secure Backup prior to version 10.2.0.3 * Oracle Secure Enterprise Search prior to version 10.1.8.3 SOLUTION: Apply patches (please see the vendor's advisory). PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Anonymous of TippingPoint (3com) * Esteban Martinez Fayo of Application Security, Inc. * Kowsik Guruswamy of Mu Security * Joxean Koret * Alexander Kornbrust of Red Database Security * David Litchfield of NGS Software * Oleg P. of HSC Security Portal * Alexandr Polyakov of Digital Security * noderat ratty * Dennis Yurichev CHANGELOG: 2009-07-15: Updated advisory to include security issue #3. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html OTHER REFERENCES: SA34451: http://secunia.com/advisories/34451/ SA34461: http://secunia.com/advisories/34461/ SA34975: http://secunia.com/advisories/34975/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------