| VID |
25087 |
| Severity |
40 |
| Port |
1521, ... |
| Protocol |
TCP |
| Class |
DB |
| Detailed Description |
The remote Oracle database server is missing the January 2010 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components :
- Listener
- Oracle OLAP
- Application Express Application Builder
- Oracle Data Pump
- Oracle Spatial
- Logical Standby
- RDBMS
- Oracle Spatial
- Unzip
* Note: This check solely relied on the version number of the remote Oracle Database server to assess this vulnerability, so this might be a false positive.
* References:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html
* Platforms Affected:
Oracle Database 11g, version 11.1.0.7
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
Oracle Database 10g, version 10.1.0.5
Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0, 10.1.3.5*, 10.1.3.5.1*
Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0
Oracle Access Manager versions 7.0.4.3, 10.1.4.2
Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2
Oracle E-Business Suite Release 11i, version 11.5.10.2
PeopleSoft Enterprise HCM (TAM), versions 8.9 and 9.0.
Oracle WebLogic Server 10.0 through MP2, 10.3.0 and 10.3.1
Oracle WebLogic Server 9.0 GA, 9.1 GA and 9.2 through 9.2 MP3
Oracle WebLogic Server 8.1 through 8.1 SP6
Oracle WebLogic Server 7.0 through 7.0 SP7
Oracle JRockit R27.6.5 and earlier (JDK/JRE 6, 5, 1.4.2)
Primavera P6 Enterprise Project Portfolio Management 6.1, 6.2.1 and 7.0
Primavera P6 Web Services 6.2.1, 7.0 and 7.0SP1
Microsoft Windows Any version
Linux Any version
Unix Any version |
| Recommendation |
Oracle has released a Critical Patch Update to address these issues. Information regarding obtaining and applying an appropriate patch can be found in the Oracle Critical Patch Update Advisory dated January 2010 at http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html |
| Related URL |
CVE-2009-1996,CVE-2009-3410,CVE-2009-3411,CVE-2009-3412,CVE-2009-3413,CVE-2009-3414,CVE-2009-3415,CVE-2010-0071,CVE-2010-0072 (CVE) |
| Related URL |
37728,37729,37730,37731,37733,37738,37740,37743,37745 (SecurityFocus) |
| Related URL |
(ISS) |
|
