The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of iPlanet Web Proxy Server

computer threat announce CVE-2016-3473 CVE-2016-3505 CVE-2016-3551

Oracle Fusion Middleware: vulnerabilities of October 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Fusion Middleware.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 17.
Creation date: 19/10/2016.
Identifiers: cpuoct2016, CVE-2016-3473, CVE-2016-3505, CVE-2016-3551, CVE-2016-5488, CVE-2016-5495, CVE-2016-5500, CVE-2016-5506, CVE-2016-5511, CVE-2016-5519, CVE-2016-5531, CVE-2016-5535, CVE-2016-5536, CVE-2016-5537, CVE-2016-5601, CVE-2016-5602, CVE-2016-5618, CVE-2016-8281, VIGILANCE-VUL-20908, ZDI-16-572.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

An attacker can use a vulnerability via JAXWS Web Services Stack, in order to obtain information, to alter information, or to trigger a denial of service. [severity:4/4; CVE-2016-3551]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:4/4; CVE-2016-5535, ZDI-16-572]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:4/4; CVE-2016-5531]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5519]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3505]

An attacker can use a vulnerability via BI Publisher (formerly XML Publisher), in order to obtain information. [severity:3/4; CVE-2016-3473]

An attacker can use a vulnerability via Oracle Platform Security for Java, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-8281]

An attacker can use a vulnerability via Oracle Platform Security for Java, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-5536]

An attacker can use a vulnerability via Oracle Platform Security for Java, in order to obtain information. [severity:3/4; CVE-2016-5495]

An attacker can use a vulnerability via Oracle Discoverer, in order to obtain information. [severity:3/4; CVE-2016-5500]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to obtain or alter information. [severity:2/4; CVE-2016-5601]

An attacker can use a vulnerability via NetBeans, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-5537]

An attacker can use a vulnerability via Oracle Data Integrator, in order to obtain information. [severity:2/4; CVE-2016-5602]

An attacker can use a vulnerability via Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2016-5488]

An attacker can use a vulnerability via Oracle WebCenter Sites, in order to alter information. [severity:2/4; CVE-2016-5511]

An attacker can use a vulnerability via Oracle Data Integrator, in order to obtain information. [severity:1/4; CVE-2016-5618]

An attacker can use a vulnerability via Oracle Identity Manager, in order to obtain or alter information. [severity:1/4; CVE-2016-5506]

vulnerability note CVE-2016-2105 CVE-2016-2106 CVE-2016-2107

OpenSSL: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSL.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 03/05/2016.
Identifiers: 1982949, 1985850, 1987779, 1993215, 1995099, 1998797, 2003480, 2003620, 2003673, 510853, 9010083, bulletinapr2016, bulletinapr2017, CERTFR-2016-AVI-151, CERTFR-2016-AVI-153, CERTFR-2018-AVI-160, cisco-sa-20160504-openssl, cpuapr2017, cpujan2018, cpujul2016, cpujul2017, cpujul2018, cpuoct2016, cpuoct2017, cpuoct2018, CTX212736, CTX233832, CVE-2016-2105, CVE-2016-2106, CVE-2016-2107, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, DLA-456-1, DSA-3566-1, ESA-2017-142, FEDORA-2016-05c567df1a, FEDORA-2016-1e39d934ed, FEDORA-2016-e1234b65a2, FG-IR-16-026, FreeBSD-SA-16:17.openssl, HPESBGN03728, HPESBHF03756, HT206903, JSA10759, K23230229, K36488941, K51920288, K75152412, K93600123, MBGSA-1603, MIGR-5099595, MIGR-5099597, NTAP-20160504-0001, openSUSE-SU-2016:1237-1, openSUSE-SU-2016:1238-1, openSUSE-SU-2016:1239-1, openSUSE-SU-2016:1240-1, openSUSE-SU-2016:1241-1, openSUSE-SU-2016:1242-1, openSUSE-SU-2016:1243-1, openSUSE-SU-2016:1273-1, openSUSE-SU-2016:1566-1, openSUSE-SU-2017:0487-1, PAN-SA-2016-0020, PAN-SA-2016-0028, RHSA-2016:0722-01, RHSA-2016:0996-01, RHSA-2016:1137-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:2054-01, RHSA-2016:2055-01, RHSA-2016:2056-01, RHSA-2016:2073-01, SA123, SA40202, SB10160, SOL23230229, SOL36488941, SOL51920288, SOL75152412, SP-CAAAPPQ, SPL-119440, SPL-121159, SPL-123095, SSA:2016-124-01, STORM-2016-002, SUSE-SU-2016:1206-1, SUSE-SU-2016:1228-1, SUSE-SU-2016:1231-1, SUSE-SU-2016:1233-1, SUSE-SU-2016:1267-1, SUSE-SU-2016:1290-1, SUSE-SU-2016:1360-1, SUSE-SU-2018:0112-1, TNS-2016-10, USN-2959-1, VIGILANCE-VUL-19512, VN-2016-006, VN-2016-007.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSL.

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. This vulnerability was initially fixed in versions 1.0.1o and 1.0.2c, but it was not disclosed at that time. [severity:3/4; CVE-2016-2108]

An attacker can act as a Man-in-the-Middle and use the AES CBC algorithm with a server supporting AES-NI, in order to read or write data in the session. [severity:3/4; CVE-2016-2107]

An attacker can generate a buffer overflow in EVP_EncodeUpdate(), which is mainly used by command line applications, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2105]

An attacker can generate a buffer overflow in EVP_EncryptUpdate(), which is difficult to reach, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2106]

An attacker can trigger an excessive memory usage in d2i_CMS_bio(), in order to trigger a denial of service. [severity:2/4; CVE-2016-2109]

An attacker can force a read at an invalid address in applications using X509_NAME_oneline(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-2176]

computer vulnerability CVE-2014-3576 CVE-2015-3195 CVE-2015-3197

Oracle Fusion Middleware: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Fusion Middleware.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 16.
Creation date: 20/04/2016.
Identifiers: cpuapr2016, CVE-2014-3576, CVE-2015-3195, CVE-2015-3197, CVE-2015-3253, CVE-2015-7182, CVE-2015-7547, CVE-2016-0468, CVE-2016-0479, CVE-2016-0638, CVE-2016-0671, CVE-2016-0675, CVE-2016-0688, CVE-2016-0696, CVE-2016-0700, CVE-2016-3416, CVE-2016-3455, TALOS-2016-0086, VIGILANCE-VUL-19415.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion Middleware.

An attacker can use a vulnerability of Oracle GlassFish Server, Oracle OpenSSO, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server or Oracle Traffic Director, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-18237). [severity:4/4; CVE-2015-7182]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-17973). [severity:4/4; CVE-2015-3253]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:4/4; CVE-2016-0638]

An attacker can use a vulnerability of Oracle Outside In Technology, in order to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3455, TALOS-2016-0086]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to obtain information, to alter information, or to trigger a denial of service (VIGILANCE-VUL-18956). [severity:3/4; CVE-2015-7547]

An attacker can use a vulnerability of Oracle BI Publisher, in order to trigger a denial of service (VIGILANCE-VUL-17610). [severity:3/4; CVE-2014-3576]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:3/4; CVE-2016-0479]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2016-0675]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2016-0700]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2016-3416]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure or Oracle Tuxedo, in order to obtain information (VIGILANCE-VUL-18837). [severity:2/4; CVE-2015-3197]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain or alter information. [severity:2/4; CVE-2016-0468]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:2/4; CVE-2016-0696]

An attacker can use a vulnerability of Oracle API Gateway or Oracle Exalogic Infrastructure, in order to trigger a denial of service (VIGILANCE-VUL-18436). [severity:2/4; CVE-2015-3195]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2016-0671]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:1/4; CVE-2016-0688]

computer vulnerability alert CVE-2016-1950 CVE-2016-1979

Mozilla NSS: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 09/03/2016.
Identifiers: cpujul2017, cpuoct2016, cpuoct2017, CVE-2016-1950, CVE-2016-1979, DLA-480-1, DSA-3688-1, K20145801, K91100352, MFSA-2016-35, MFSA-2016-36, openSUSE-SU-2016:0731-1, openSUSE-SU-2016:0733-1, RHSA-2016:0370-01, RHSA-2016:0371-01, RHSA-2016:0495-01, RHSA-2016:0591-01, RHSA-2016:0684-01, RHSA-2016:0685-01, SA119, SOL20145801, SOL91100352, SSA:2016-069-02, SUSE-SU-2016:0727-1, SUSE-SU-2016:0777-1, SUSE-SU-2016:0820-1, SUSE-SU-2016:0909-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, USN-2924-1, VIGILANCE-VUL-19134.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS.

An attacker can generate a buffer overflow in ASN1 Certificate Parsing, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1950, MFSA-2016-35]

An attacker can force the usage of a freed memory area in PK11_ImportDERPrivateKeyInfoAndReturnKey(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1979, MFSA-2016-36]

computer vulnerability note CVE-2015-4852 CVE-2015-6420 CVE-2015-6934

Apache Commons Collections: code execution via InvokerTransformer

Synthesis of the vulnerability

An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 12/11/2015.
Identifiers: 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, cpuoct2018, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313.

Description of the vulnerability

The Apache Commons Collections library is used by several Java applications.

A Java "gadget chain" object can contain Transformers, with an "exec" string containing a shell command which is run with the java.lang.Runtime.exec() method. When raw data is deserialized, the readObject() method is called to rebuild the gadget chain object, and it uses InvokerTransformer, which runs the indicated shell command.

Other classes (CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure) also execute a shell command when raw data is deserialized.

However, several applications expose the Java deserialization feature publicly (before authentication).

An attacker can therefore send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.

security alert CVE-2015-3253

Apache Groovy: code execution via MethodClosure

Synthesis of the vulnerability

An attacker can use a vulnerability in MethodClosure of Apache Groovy, in order to run code.
Severity: 2/4.
Creation date: 24/09/2015.
Identifiers: c05324755, cpuapr2019, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, CVE-2015-3253, FEDORA-2015-15907, FEDORA-2017-6a0389a6a7, FEDORA-2017-9899aba20e, HPSBGN03669, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2558-01, RHSA-2016:0066-01, RHSA-2016:0118-01, RHSA-2017:2596-01, SA110, VIGILANCE-VUL-17973.

Description of the vulnerability

An attacker can use a vulnerability in MethodClosure of Apache Groovy, in order to run code.

computer vulnerability announce CVE-2013-2186 CVE-2014-1568 CVE-2014-1569

Oracle Fusion: several vulnerabilities of July 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in July 2015.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 39.
Creation date: 15/07/2015.
Identifiers: 1962107, cpujul2015, CVE-2013-2186, CVE-2014-1568, CVE-2014-1569, CVE-2014-3566, CVE-2014-3567, CVE-2014-3571, CVE-2014-7809, CVE-2015-0286, CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-1926, CVE-2015-2593, CVE-2015-2598, CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, CVE-2015-2623, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-2658, CVE-2015-4742, CVE-2015-4744, CVE-2015-4745, CVE-2015-4747, CVE-2015-4751, CVE-2015-4758, CVE-2015-4759, VIGILANCE-VUL-17373.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-2186]

An attacker can use a vulnerability of Oracle Directory Server Enterprise Edition, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4745]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2603]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2602]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2604]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2605]

An attacker can use a vulnerability of Oracle Endeca Information Discovery Studio, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2606]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle OpenSSO, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Traffic Director, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle iPlanet Web Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1569]

An attacker can use a vulnerability of Oracle Access Manager, in order to obtain or alter information. [severity:3/4; CVE-2015-2593]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:3/4; CVE-2014-3567]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0443]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0444]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0445]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0446]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4759]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4758]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2634]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2635]

An attacker can use a vulnerability of Oracle Data Integrator, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-2636]

An attacker can use a vulnerability of Oracle Event Processing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-4747]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-7809]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain or alter information. [severity:2/4; CVE-2015-1926]

An attacker can use a vulnerability of Oracle Access Manager, in order to trigger a denial of service. [severity:2/4; CVE-2015-4751]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can use a vulnerability of Oracle JDeveloper, in order to trigger a denial of service. [severity:2/4; CVE-2015-4742]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:2/4; CVE-2014-3571]

An attacker can use a vulnerability of Oracle Tuxedo, in order to trigger a denial of service. [severity:2/4; CVE-2015-0286]

An attacker can use a vulnerability of Web Cache, in order to obtain information. [severity:2/4; CVE-2015-2658]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2015-2623]

An attacker can use a vulnerability of Oracle Tuxedo, in order to obtain information. [severity:2/4; CVE-2014-3566]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2015-2623]

An attacker can use a vulnerability of Oracle Business Intelligence Enterprise Edition, in order to alter information. [severity:2/4; CVE-2015-2598]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:1/4; CVE-2015-4744]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:1/4; CVE-2015-4744]

vulnerability announce CVE-2013-4286 CVE-2013-4545 CVE-2014-0050

Oracle Fusion: several vulnerabilities of April 2015

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in April 2015.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 13.
Creation date: 15/04/2015.
Identifiers: cpuapr2015, CVE-2013-4286, CVE-2013-4545, CVE-2014-0050, CVE-2014-0112, CVE-2014-1568, CVE-2014-3571, CVE-2015-0235, CVE-2015-0449, CVE-2015-0450, CVE-2015-0451, CVE-2015-0456, CVE-2015-0461, CVE-2015-0482, VIGILANCE-VUL-16610.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0235]

An attacker can use a vulnerability of Oracle GlassFish Server, Oracle iPlanet Web Proxy Server or Oracle iPlanet Web Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-1568]

An attacker can use a vulnerability of Oracle Access Manager, in order to obtain or alter information. [severity:3/4; CVE-2015-0461]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2015-0482]

An attacker can use a vulnerability of Oracle GoldenGate Monitor, in order to obtain or alter information. [severity:2/4; CVE-2013-4286]

An attacker can use a vulnerability of Oracle Exalogic Infrastructure, in order to trigger a denial of service. [severity:2/4; CVE-2014-3571]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to alter information. [severity:2/4; CVE-2014-0112]

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to trigger a denial of service. [severity:2/4; CVE-2014-0050]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2015-0449]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2013-4545]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to alter information. [severity:2/4; CVE-2015-0456]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to alter information. [severity:2/4; CVE-2015-0450]

An attacker can use a vulnerability of Oracle OpenSSO, in order to obtain information. [severity:2/4; CVE-2015-0451]

computer vulnerability bulletin CVE-2013-1620 CVE-2013-1739 CVE-2013-1740

Oracle Fusion: several vulnerabilities of July 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in July 2014.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 26.
Creation date: 16/07/2014.
Identifiers: CERTFR-2014-AVI-313, cpujul2014, CVE-2013-1620, CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2013-5855, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-2479, CVE-2014-2480, CVE-2014-2481, CVE-2014-2493, CVE-2014-4201, CVE-2014-4202, CVE-2014-4210, CVE-2014-4211, CVE-2014-4212, CVE-2014-4217, CVE-2014-4222, CVE-2014-4241, CVE-2014-4242, CVE-2014-4249, CVE-2014-4251, CVE-2014-4253, CVE-2014-4254, CVE-2014-4255, CVE-2014-4256, CVE-2014-4257, CVE-2014-4267, VIGILANCE-VUL-15052.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

Several vulnerabilities impact NSS (VIGILANCE-VUL-13598, VIGILANCE-VUL-13789, VIGILANCE-VUL-14099, VIGILANCE-VUL-14456) in Oracle GlassFish Server, Oracle iPlanet Web Proxy Server and Oracle iPlanet Web Server. [severity:3/4; CVE-2013-1739, CVE-2013-1740, CVE-2013-1741, CVE-2013-5605, CVE-2013-5606, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:3/4; CVE-2014-4257]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2481]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2480]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4255]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4254]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2479]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-4267]

An attacker can use a vulnerability of Oracle JDeveloper, in order to obtain information, or to trigger a denial of service. [severity:3/4; CVE-2014-2493]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain or alter information. [severity:3/4; CVE-2014-4256]

An attacker can use a vulnerability of BI Publisher, in order to obtain information. [severity:2/4; CVE-2014-4249]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to alter information. [severity:2/4; CVE-2014-4211]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4201]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4202]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to obtain information. [severity:2/4; CVE-2014-4210]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to trigger a denial of service. [severity:2/4; CVE-2014-4253]

An attacker can use a vulnerability of GlassFish Communications Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Fusion Middleware, in order to obtain information. [severity:2/4; CVE-2014-4212]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle JDeveloper, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4242]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4217]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2014-4241]

An attacker can use a vulnerability of Oracle WebLogic Server, in order to alter information. [severity:2/4; CVE-2013-5855]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2014-4251]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2014-4222]

weakness note CVE-2007-0009 CVE-2007-1858 CVE-2012-3499

Oracle Fusion: several vulnerabilities of January 2014

Synthesis of the vulnerability

Several vulnerabilities of Oracle Fusion were announced in January 2014.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 19.
Creation date: 15/01/2014.
Identifiers: BID-64815, BID-64819, BID-64822, BID-64827, BID-64829, BID-64830, BID-64835, BID-64838, BID-64842, CERTA-2014-AVI-022, cpujan2014, CVE-2007-0009, CVE-2007-1858, CVE-2012-3499, CVE-2012-3544, CVE-2012-4605, CVE-2013-1620, CVE-2013-1654, CVE-2013-1862, CVE-2013-4316, CVE-2013-5785, CVE-2013-5808, CVE-2013-5869, CVE-2013-5900, CVE-2013-5901, CVE-2014-0374, CVE-2014-0383, CVE-2014-0391, CVE-2014-0400, VIGILANCE-VUL-14089.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Fusion.

An attacker can use a vulnerability of Oracle WebCenter Sites, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2013-4316]

An attacker can use a vulnerability of Oracle Reports Developer, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64819, CVE-2013-5785]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2007-0009]

An attacker can use a vulnerability of Oracle Internet Directory, in order to obtain information. [severity:3/4; BID-64822, CVE-2014-0400]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2013-1862]

An attacker can use a vulnerability of Oracle Enterprise Data Quality, in order to trigger a denial of service. [severity:2/4; CVE-2012-3544]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2013-1654]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:2/4; CVE-2012-4605]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64829, CVE-2014-0391]

An attacker can use a vulnerability of Oracle WebCenter Portal, in order to obtain information. [severity:2/4; BID-64835, CVE-2013-5869]

An attacker can use a vulnerability of Oracle GlassFish Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle HTTP Server, in order to alter information. [severity:2/4; CVE-2012-3499]

An attacker can use a vulnerability of Oracle Identity Manager, in order to alter information. [severity:2/4; BID-64838, CVE-2013-5900]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64815, CVE-2013-5901]

An attacker can use a vulnerability of Oracle Portal, in order to alter information. [severity:2/4; BID-64830, CVE-2014-0374]

An attacker can use a vulnerability of Oracle Traffic Director, Oracle iPlanet Web Server and Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:2/4; CVE-2013-1620]

An attacker can use a vulnerability of Oracle Identity Manager, in order to obtain information. [severity:2/4; BID-64842, CVE-2014-0383]

An attacker can use a vulnerability of Oracle HTTP Server, in order to obtain information. [severity:1/4; CVE-2007-1858]

An attacker can use a vulnerability of Oracle iPlanet Web Proxy Server, in order to obtain information. [severity:1/4; BID-64827, CVE-2013-5808]