| VID |
25043 |
| Severity |
40 |
| Port |
1521, ... |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
According to its version number, the remote Oracle Database server is affected by multiple vulnerabilities. Oracle Database Server, Oracle Application Server and Oracle Collaboration Suite contain multiple vulnerabilities that can allow data to be modified or sensitive information to be obtained. Some issues may permit unauthenticated remote attackers to execute arbitrary code or cause a denial of service in some circumstances.
* Note: This check relies solely on the version number of the remote Oracle Database server to assess this vulnerability, so the result may be a false positive.
* References:
  * http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf
  * http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0626.html
  * http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0042.html
  * http://secunia.com/advisories/13862/
  * http://www.integrigy.com/alerts/OraCPU0105.htm
  * http://www.integrigy.com/alerts/ReportsServer_APPS_Disclosure.htm
  * http://www.petefinnigan.com/directory_traversal.pdf
* Platforms Affected:
  * Oracle Corporation, Oracle Collaboration Suite Release 2 9.0.4.2
  * Oracle Corporation, Oracle10g Application Server 9.0.4
  * Oracle Corporation, Oracle10g Application Server 9.0.4.0
  * Oracle Corporation, Oracle10g Application Server 9.0.4.1
  * Oracle Corporation, Oracle10g Application Server Release 2 10.1.2
  * Oracle Corporation, Oracle10g Database Server Release 1 10.1.0.2
  * Oracle Corporation, Oracle10g Database Server Release 1 10.1.0.3
  * Oracle Corporation, Oracle10g Database Server Release 1 10.1.0.3.1
  * Oracle Corporation, Oracle8i Database Server 8.0.6
  * Oracle Corporation, Oracle8i Database Server 8.0.6.3
  * Oracle Corporation, Oracle8i Database Server Release 3 8.1.7.4
  * Oracle Corporation, Oracle9i Application Server Release 1 1.0.2.2
  * Oracle Corporation, Oracle9i Application Server Release 2 9.0.2.3
  * Oracle Corporation, Oracle9i Application Server Release 2 9.0.3.1
  * Oracle Corporation, Oracle9i Database Server Release 1 9.0.1.4
  * Oracle Corporation, Oracle9i Database Server Release 1 9.0.1.5
  * Oracle Corporation, Oracle9i Database Server Release 1 9.0.4
  * Oracle Corporation, Oracle9i Database Server Release 2 9.2.0.4
  * Oracle Corporation, Oracle9i Database Server Release 2 9.2.0.5
  * Oracle Corporation, Oracle9i Database Server Release 2 9.2.0.6
  * Microsoft Windows Any version
  * Linux Any version
  * Unix Any version |
| Recommendation |
Oracle has released a Critical Patch Update to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update Advisory dated January 2005 at http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf |
| Related URL |
CVE-2005-0298,CVE-2004-1364,CVE-2004-0637,CVE-2004-0638,CVE-2004-0200,CVE-2005-0297,CVE-2005-0298,CVE-2005-0701 (CVE) |
| Related URL |
12301,10871,11120,11099,11100,11091,12296 (SecurityFocus) |
| Related URL |
18953,18957,18958,18959,18960,18961,18962,18963,18964,18965 (ISS) |
|