安全漏洞:CN-VA09-94
发布日期:2009年10月22日
漏洞类型:远程执行代码、拒绝服务
漏洞评估:严重
受影响的软件:
* Oracle Database 11g, version 11.1.0.7
* Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
* Oracle Database 10g, version 10.1.0.5
* Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
* Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.4.0, 10.1.3.5.0
* Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0
* Oracle Business Intelligence Enterprise Edition, versions 10.1.3.4.0, 10.1.3.4.1
* Oracle E-Business Suite Release 12, versions 12.0.6, 12.1
* Oracle E-Business Suite Release 11i, version 11.5.10.2
* AutoVue, version 19.3
* Agile Engineering Data Management (EDM), version 6.1
* PeopleSoft PeopleTools & Enterprise Portal, version 8.49
* PeopleSoft Enterprise HCM (TAM), versions 8.9 and 9.0
* JDEdward Tools, version 8.98
* Oracle WebLogic Server 10.0 through MP1 and 10.3
* Oracle WebLogic Server 9.0 GA, 9.1 GA and 9.2 through 9.2 MP3
* Oracle WebLogic Server 8.1 through 8.1 SP5
* Oracle WebLogic Server 7.0 through 7.0 SP6
* Oracle WebLogic Portal, versions 8.1 through 8.1 SP6, 9.2 through 9.2 MP3, 10.0 through 10.0MP1, 10.2 through 10.2MP1 and 10.3 through 10.3.1
* Oracle JRockit R27.6.4 and earlier (JDK/JRE 6, 5, 1.4.2)
* Oracle Communications Order and Service Management, versions 2.8.0, 6.2.0, 6.3.0 and 6.3.1
漏洞描述:
Oracle发布了2009年10月的紧急补丁更新公告,修复了多个Oracle产品和组件中的38个漏洞。这些漏洞可能导致远程执行任意代码、信息泄露和拒绝服务攻击等严重后果。Oracle已经提供了补丁,CNCERT提醒广大用户及时下载更新。
参考信息:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html
http://www.oracle.com/technology/deploy/security/alerts.htm
http://www.oracle.com/technology/deploy/security/critical-patch-updates/public_vuln_to_advisory_mapping.html
信息提供者:
Oracle
其它信息:
相关CVE编号:
CVE-2009-1992、CVE-2009-1979、CVE-2009-1985、CVE-2009-1007、CVE-2009-1994、CVE-2009-2001、CVE-2009-1993、CVE-2009-1018、CVE-2009-1964、CVE-2009-1965、CVE-2009-1997、CVE-2009-2000、CVE-2009-1995、CVE-2009-1991、CVE-2009-1971、CVE-2009-1972、CVE-2009-1999、CVE-2009-3407、CVE-2009-1990、CVE-2009-3400、CVE-2009-3392、CVE-2009-3408、CVE-2009-3395、CVE-2009-3393、CVE-2009-3397、CVE-2009-3402、CVE-2009-3401、CVE-2009-3405、CVE-2009-3404、CVE-2009-3409、CVE-2009-3406、CVE-2009-3403、CVE-2009-0217、CVE-2009-2625、CVE-2009-2002、CVE-2009-3396、CVE-2009-3399、CVE-2009-1998
漏洞报告文档编写:
CNCERT/CC
安全公告文档编写:
CNCERT/CC