Short Name | HTTP:ORACLE:SRV-OPMN-FS
Severity | Major
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Oracle Application Server 10g OPMN Service Format String Vulnerability
Release Date | 2010/10/25
Update Number | 1798
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Oracle Application Server 10g OPMN Service Format String Vulnerability
This signature detects attempts to exploit a known format string vulnerability in Oracle Application Server. The vulnerability is due to improper handling of user data when logging events. A remote attacker can exploit it by sending a specially crafted request to the target system. A successful attack can allow remote code execution.
Extended Description
Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software:
- Oracle Database
- Oracle Audit Vault
- Oracle Application Server
- Oracle Outside In SDK HTML Export
- Oracle XML Publisher
- Oracle BI Publisher
- Oracle E-Business Suite
- PeopleSoft Enterprise PeopleTools
- PeopleSoft Enterprise HRMS
- Oracle WebLogic Server (formerly BEA WebLogic Server)
- Oracle Data Service Integrator
- Oracle AquaLogic Data Services Platform
- Oracle JRockit
Affected Products
- Bea_systems weblogic_portal 8.1.0
- Bea_systems weblogic_portal 8.1.0 SP1
- Bea_systems weblogic_portal 8.1.0 SP2
- Bea_systems weblogic_portal 8.1.0 SP3
- Bea_systems weblogic_portal 8.1.0 SP4
- Bea_systems weblogic_portal 8.1.0 SP5
- Bea_systems weblogic_portal 8.1.0 SP6
- Bea_systems weblogic_server 10.0
- Bea_systems weblogic_server 10.0 MP1
- Bea_systems weblogic_server 10.3
- Bea_systems weblogic_server 7.0.0
- Bea_systems weblogic_server 7.0.0 .0.1
- Bea_systems weblogic_server 7.0.0 .0.1 SP 1
- Bea_systems weblogic_server 7.0.0 .0.1 SP 2
- Bea_systems weblogic_server 7.0.0 .0.1 SP 3
- Bea_systems weblogic_server 7.0.0 .0.1 SP 4
- Bea_systems weblogic_server 7.0.0 SP 1
- Bea_systems weblogic_server 7.0.0 SP 2
- Bea_systems weblogic_server 7.0.0 SP 3
- Bea_systems weblogic_server 7.0.0 SP 4
- Bea_systems weblogic_server 7.0.0 SP 5
- Bea_systems weblogic_server 7.0.0 SP 6
- Bea_systems weblogic_server 7.0.0 SP 7
- Bea_systems weblogic_server 7.0 SP7
- Bea_systems weblogic_server 8.1.0
- Bea_systems weblogic_server 8.1.0 SP 1
- Bea_systems weblogic_server 8.1.0 SP 2
- Bea_systems weblogic_server 8.1.0 SP 3
- Bea_systems weblogic_server 8.1.0 SP 4
- Bea_systems weblogic_server 8.1.0 SP 5
- Bea_systems weblogic_server 8.1.0 SP 6
- Bea_systems weblogic_server 9.0
- Bea_systems weblogic_server 9.1
- Bea_systems weblogic_server 9.2
- Bea_systems weblogic_server 9.2 Maintenance Pack 3
- Oracle aqualogic_data_services_platform 3.0
- Oracle aqualogic_data_services_platform 3.0.1
- Oracle aqualogic_data_services_platform 3.2
- Oracle audit_vault 10.2.3
- Oracle bi_publisher 10.1.3.3.0
- Oracle bi_publisher 10.1.3.3.1
- Oracle bi_publisher 10.1.3.3.2
- Oracle bi_publisher 10.1.3.3.3
- Oracle bi_publisher 10.1.3.4
- Oracle data_service_integrator 10.3.0
- Oracle e-business_suite_11i 11.5.10.2
- Oracle e-business_suite_12 12.0.6
- Oracle jrockit R27.1.0
- Oracle jrockit R27.6.0
- Oracle jrockit R27.6.2
- Oracle oracle10g_application_server 10.1.2
- Oracle oracle10g_application_server 10.1.2.3.0
- Oracle oracle10g_enterprise_edition 10.1.0 .5
- Oracle oracle10g_enterprise_edition 10.2.0 .3
- Oracle oracle10g_enterprise_edition 10.2.0.4
- Oracle oracle10g_personal_edition 10.1.0.5
- Oracle oracle10g_personal_edition 10.2.0 .3
- Oracle oracle10g_personal_edition 10.2.0.4
- Oracle oracle10g_standard_edition 10.1.0 .5
- Oracle oracle10g_standard_edition 10.2.0 .3
- Oracle oracle10g_standard_edition 10.2.0.4
- Oracle oracle11g_enterprise_edition 11.1.0 6
- Oracle oracle11g_enterprise_edition 11.1.0.7
- Oracle oracle11g_standard_edition 11.1.0 6
- Oracle oracle11g_standard_edition_one 11.1.0 6
- Oracle oracle9i_enterprise_edition 9.2.0.8.0
- Oracle oracle9i_enterprise_edition 9.2.0 .8DV
- Oracle oracle9i_personal_edition 9.2.0 .8
- Oracle oracle9i_personal_edition 9.2.0 .8DV
- Oracle oracle9i_standard_edition 9.2.0.8
- Oracle oracle9i_standard_edition 9.2.0 .8DV
- Oracle outside_in_sdk_html_export 8.2.2
- Oracle outside_in_sdk_html_export 8.3.0
- Oracle peoplesoft_enterprise_hrms 8.9
- Oracle peoplesoft_enterprise_hrms 9.0
- Oracle peoplesoft_enterprise_peopletools 8.49
- Oracle weblogic_server 10.3
- Oracle xml_publisher 10.1.3.2
- Oracle xml_publisher 10.1.3.2.1
- Oracle xml_publisher 5.6.2