Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:ORACLE:SRV-OPMN-FS

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Oracle Application Server 10g OPMN Service Format String Vulnerability

Release Date

 2010/10/25

Update Number

 1798

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Oracle Application Server 10g OPMN Service Format String Vulnerability


This signature detects attempts to exploit a known format string vulnerability in Oracle Application Server. It is due to improper handling of user data when logging the events. A remote attacker can exploit this by sending specially crafted request to the target system. A successful attack can allow remote code execution.

Extended Description

Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit

Affected Products

  • Bea_systems weblogic_portal 8.1.0
  • Bea_systems weblogic_portal 8.1.0 SP1
  • Bea_systems weblogic_portal 8.1.0 SP2
  • Bea_systems weblogic_portal 8.1.0 SP3
  • Bea_systems weblogic_portal 8.1.0 SP4
  • Bea_systems weblogic_portal 8.1.0 SP5
  • Bea_systems weblogic_portal 8.1.0 SP6
  • Bea_systems weblogic_server 10.0
  • Bea_systems weblogic_server 10.0 MP1
  • Bea_systems weblogic_server 10.3
  • Bea_systems weblogic_server 7.0.0
  • Bea_systems weblogic_server 7.0.0 .0.1
  • Bea_systems weblogic_server 7.0.0 .0.1 SP 1
  • Bea_systems weblogic_server 7.0.0 .0.1 SP 2
  • Bea_systems weblogic_server 7.0.0 .0.1 SP 3
  • Bea_systems weblogic_server 7.0.0 .0.1 SP 4
  • Bea_systems weblogic_server 7.0.0 SP 1
  • Bea_systems weblogic_server 7.0.0 SP 2
  • Bea_systems weblogic_server 7.0.0 SP 3
  • Bea_systems weblogic_server 7.0.0 SP 4
  • Bea_systems weblogic_server 7.0.0 SP 5
  • Bea_systems weblogic_server 7.0.0 SP 6
  • Bea_systems weblogic_server 7.0.0 SP 7
  • Bea_systems weblogic_server 7.0 SP7
  • Bea_systems weblogic_server 8.1.0
  • Bea_systems weblogic_server 8.1.0 SP 1
  • Bea_systems weblogic_server 8.1.0 SP 2
  • Bea_systems weblogic_server 8.1.0 SP 3
  • Bea_systems weblogic_server 8.1.0 SP 4
  • Bea_systems weblogic_server 8.1.0 SP 5
  • Bea_systems weblogic_server 8.1.0 SP 6
  • Bea_systems weblogic_server 9.0
  • Bea_systems weblogic_server 9.1
  • Bea_systems weblogic_server 9.2
  • Bea_systems weblogic_server 9.2 Maintenance Pack 3
  • Oracle aqualogic_data_services_platform 3.0
  • Oracle aqualogic_data_services_platform 3.0.1
  • Oracle aqualogic_data_services_platform 3.2
  • Oracle audit_vault 10.2.3
  • Oracle bi_publisher 10.1.3.3.0
  • Oracle bi_publisher 10.1.3.3.1
  • Oracle bi_publisher 10.1.3.3.2
  • Oracle bi_publisher 10.1.3.3.3
  • Oracle bi_publisher 10.1.3.4
  • Oracle data_service_integrator 10.3.0
  • Oracle e-business_suite_11i 11.5.10.2
  • Oracle e-business_suite_12 12.0.6
  • Oracle jrockit R27.1.0
  • Oracle jrockit R27.6.0
  • Oracle jrockit R27.6.2
  • Oracle oracle10g_application_server 10.1.2
  • Oracle oracle10g_application_server 10.1.2.3.0
  • Oracle oracle10g_enterprise_edition 10.1.0 .5
  • Oracle oracle10g_enterprise_edition 10.2.0 .3
  • Oracle oracle10g_enterprise_edition 10.2.0.4
  • Oracle oracle10g_personal_edition 10.1.0.5
  • Oracle oracle10g_personal_edition 10.2.0 .3
  • Oracle oracle10g_personal_edition 10.2.0.4
  • Oracle oracle10g_standard_edition 10.1.0 .5
  • Oracle oracle10g_standard_edition 10.2.0 .3
  • Oracle oracle10g_standard_edition 10.2.0.4
  • Oracle oracle11g_enterprise_edition 11.1.0 6
  • Oracle oracle11g_enterprise_edition 11.1.0.7
  • Oracle oracle11g_standard_edition 11.1.0 6
  • Oracle oracle11g_standard_edition_one 11.1.0 6
  • Oracle oracle9i_enterprise_edition 9.2.0.8.0
  • Oracle oracle9i_enterprise_edition 9.2.0 .8DV
  • Oracle oracle9i_personal_edition 9.2.0 .8
  • Oracle oracle9i_personal_edition 9.2.0 .8DV
  • Oracle oracle9i_standard_edition 9.2.0.8
  • Oracle oracle9i_standard_edition 9.2.0 .8DV
  • Oracle outside_in_sdk_html_export 8.2.2
  • Oracle outside_in_sdk_html_export 8.3.0
  • Oracle peoplesoft_enterprise_hrms 8.9
  • Oracle peoplesoft_enterprise_hrms 9.0
  • Oracle peoplesoft_enterprise_peopletools 8.49
  • Oracle weblogic_server 10.3
  • Oracle xml_publisher 10.1.3.2
  • Oracle xml_publisher 10.1.3.2.1
  • Oracle xml_publisher 5.6.2

References

  • BugTraq: 34461
  • CVE: CVE-2009-0993

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out