The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.


Oracle Application Server: several vulnerabilities of April 2009

Synthesis of the vulnerability

Several vulnerabilities are corrected by the CPU of April 2009.
Severity of this bulletin: 3/4.
Number of vulnerabilities in this bulletin: 12.
Creation date: 15/04/2009.
References for this threat: CPUapr2009, CVE-2009-0974, CVE-2009-0983, CVE-2009-0989, CVE-2009-0990, CVE-2009-0993, CVE-2009-0994, CVE-2009-0996, CVE-2009-1008, CVE-2009-1009, CVE-2009-1010, CVE-2009-1011, CVE-2009-1017, VIGILANCE-VUL-8637, ZDI-09-017.

Description of the vulnerability

The CPU (Critical Patch Update) of April 2009 corrects several vulnerabilities in Oracle Application Server. Oracle's announcement contains a detailed table, summarized below.

An attacker can obtain or alter information or create a denial of service via a vulnerability in OPMN. [severity:3/4; CVE-2009-0993]

An attacker can obtain or alter information via a vulnerability in BI Publisher. [severity:3/4; CVE-2009-0989]

An attacker can obtain or alter information via a vulnerability in BI Publisher. [severity:3/4; CVE-2009-0990]

An attacker can obtain or alter information or create a denial of service via a vulnerability in Outside In Technology. [severity:3/4; CVE-2009-1008]

An attacker can obtain or alter information or create a denial of service via a vulnerability in Outside In Technology. [severity:3/4; CVE-2009-1009]

An attacker can obtain or alter information or create a denial of service via a vulnerability in Outside In Technology. [severity:3/4; CVE-2009-1010]

An attacker can obtain or alter information or create a denial of service via a vulnerability in Outside In Technology. [severity:3/4; CVE-2009-1011]

An attacker can alter information via a vulnerability in Portal. [severity:3/4; CVE-2009-0974]

An attacker can alter information via a vulnerability in Portal. [severity:3/4; CVE-2009-0983]

An attacker can obtain information via a vulnerability in BI Publisher. [severity:2/4; CVE-2009-0994]

An attacker can obtain information via a vulnerability in BI Publisher. [severity:2/4; CVE-2009-0996]

An attacker can obtain information via a vulnerability in BI Publisher. [severity:2/4; CVE-2009-1017]

This cybersecurity alert impacts software or systems such as Oracle AS, Oracle Portal.

Our Vigil@nce team determined that the severity of this weakness is important.

The trust level is "confirmed by the editor", with an origin of "internet client".

This bulletin is about 12 vulnerabilities.

An attacker with expert ability can exploit this security weakness.

Solutions for this threat

Oracle Application Server: CPU of April 2009.
The April 2009 CPU corrects these vulnerabilities:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=786800.1
