The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Oracle Application Server: several vulnerabilities of April 2009

Synthesis of the vulnerability 

Several vulnerabilities are corrected by the CPU of April 2009.
Impacted products: Oracle AS, Oracle Portal.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 15/04/2009.
References of this threat: CPUapr2009, CVE-2009-0974, CVE-2009-0983, CVE-2009-0989, CVE-2009-0990, CVE-2009-0993, CVE-2009-0994, CVE-2009-0996, CVE-2009-1008, CVE-2009-1009, CVE-2009-1010, CVE-2009-1011, CVE-2009-1017, VIGILANCE-VUL-8637, ZDI-09-017.

Description of the vulnerability 

The CPU (Critical Patch Update) of April 2009 corrects several vulnerabilities of Oracle Application Server. Oracle's announcement contains a detailed table, summarized below.

An attacker can obtain or alter information or create a denial of service via a vulnerability of OPMN. [severity:3/4; CVE-2009-0993]

An attacker can obtain or alter information via a vulnerability of BI Publisher. [severity:3/4; CVE-2009-0989]

An attacker can obtain or alter information via a vulnerability of BI Publisher. [severity:3/4; CVE-2009-0990]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1008]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1009]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1010]

An attacker can obtain or alter information or create a denial of service via a vulnerability of Outside In Technology. [severity:3/4; CVE-2009-1011]

An attacker can alter information via a vulnerability of Portal. [severity:3/4; CVE-2009-0974]

An attacker can alter information via a vulnerability of Portal. [severity:3/4; CVE-2009-0983]

An attacker can obtain information via a vulnerability of BI Publisher. [severity:2/4; CVE-2009-0994]

An attacker can obtain information via a vulnerability of BI Publisher. [severity:2/4; CVE-2009-0996]

An attacker can obtain information via a vulnerability of BI Publisher. [severity:2/4; CVE-2009-1017]

This cybersecurity alert impacts software or systems such as Oracle AS, Oracle Portal.

Our Vigil@nce team determined that the severity of this weakness is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 12 vulnerabilities.

An attacker with expert ability can exploit this security weakness.

Solutions for this threat 

Oracle Application Server: CPU of April 2009.
The April 2009 CPU corrects these vulnerabilities:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=786800.1
