» 游客:  注册 | 登录 | 帮助  微点交流论坛 » 漏洞快报 » Oracle产品多个漏洞   作者: 标题: Oracle产品多个漏洞 pioneer 超级版主 积分 4563 发帖 4545 注册 2007-7-16 来自 BJ #1  Oracle产品多个漏洞 来源 secunia.com 软件名 BEA JRockit 1.x BEA WebLogic Event Server 2.x BEA WebLogic Server 10.x BEA WebLogic Server 7.x BEA WebLogic Server 8.x BEA WebLogic Server 9.x Oracle Application Server 10g Oracle Complex Event Processing 10.x Oracle Database 10.x Oracle Database 11.x Oracle E-Business Suite 11i Oracle E-Business Suite 12.x Oracle Enterprise Manager 10.x Oracle Enterprise Manager 11.x Oracle Identity Management 10g Oracle PeopleSoft Enterprise Human Resource Management System 8.x Oracle PeopleSoft Enterprise Human Resource Management System 9.x Oracle PeopleSoft Enterprise Tools 8.x Oracle Secure Backup 10.x Oracle Secure Enterprise Search 10.x Oracle Siebel Highly Interactive Client 7.x Oracle Siebel Highly Interactive Client 8.x Oracle9i Database Enterprise Edition Oracle9i Database Standard Edition 描述 1) JRockit中的多个漏洞可恶意导致拒绝服务或危害用户的系统 2) Oracle Complex Event Processing中的漏洞可导致泄漏敏感信息 3) Oracle WebLogic Server (Web Services Component) 和Oracle Secure Development Toolkit/Oracle Web Services Manager.处理特定XML签名文档时存在一个错误 剩下的漏洞可导致不特定的错误，目前没有更多详细信息 该漏洞在以下产品和相应的版本中已经报告 * Oracle Database 11g, version 11.1.0.6, 11.1.0.7 * Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4 * Oracle Database 10g, version 10.1.0.5 * Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV * Oracle Application Server 10g Release 2 (10.1.2), version 10.1.2.3.0 * Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.3.0, 10.1.3.4.0 * Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.2.0, 10.1.4.3.0 * Oracle E-Business Suite Release 12, version 12.1 * Oracle E-Business Suite Release 12, version 12.0.6 * Oracle E-Business Suite Release 11i, version 11.5.10.2 * Oracle Enterprise Manager Database Control 11, version 11.1.0.6, 11.1.0.7 * Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4 * PeopleSoft Enterprise PeopleTools versions: 8.49 * PeopleSoft Enterprise HRMS versions: 8.9 and 9.0 * Siebel Highly Interactive Client versions: 7.5.3, 7.7.2, 7.8, 8.0, 8.1 * Oracle WebLogic Server 10.3, 10.0MP1 * Oracle WebLogic Server 9.0 GA, 9.1 GA, 9.2 through 9.2 MP3 * Oracle WebLogic Server 8.1 through 8.1 SP6 * Oracle WebLogic Server 7.0 through 7.0 SP7 * Oracle Complex Event Processing 10.3 and WebLogic Event Server 2.0 * Oracle JRockit R27.6.3 and earlier (JDK/JRE 6, 5, 1.4.2) * Oracle Secure Backup prior to version 10.2.0.3 * Oracle Secure Enterprise Search prior to version 10.1.8.3 解决方案 应用补丁（详见厂商建议细节） ※文章所有权归【pioneer】与【东方微点论坛】共同所有，转载请注明出处！※ 2009-8-28 16:54 论坛跳转: 微点软件公测区 安全快报  > 病毒快报  > 漏洞快报 微点产品在线技术支持  > 微点主动防御软件  > 预升级反馈专区  > 微点杀毒软件 微点用户交流区  > 微点新闻  > 微点软件使用交流  > 微点茶室 安全技术交流区  > 主动防御  > 反病毒  > 防火墙 综合区  > 电脑&数码  > 体育&娱乐&休闲  > 灌水区 版务管理 内部使用专区  可打印版本 | 推荐 | 订阅 | 收藏 [ 联系我们 - 东方微点 ] 北京东方微点信息技术有限责任公司 福建东方微点信息安全有限责任公司 闽ICP备05030815号