Home » Avisos y Alertas

CA-AL-21-0110: Vulnerabilidades en productos ORACLE.


ALERTA: Vulnerabilidades en productos ORACLE.


13-01-2010                                                CA-AL-21-0110
 


PROBLEMA:

 Múltiples vulnerabilidades han sido identificadas en varios productos de Oracle que de ser explotadas por atacantes maliciosos podrían ocasionar importantes perjuicios sobre los sistemas afectados (DoS, ataques de inyección de SQL, evitar restricciones de seguridad, manipulación de datos, etc)
 

VERSIONES AFECTADAS:

Oracle Database 11g version 11.1.0.7
Oracle Database 10g Release 2 version 10.2.0.3
Oracle Database 10g Release 2 version 10.2.0.4
Oracle Database 10g version 10.1.0.5
Oracle Database 9i Release 2 version 9.2.0.8
Oracle Database 9i Release 2 version 9.2.0.8DV
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.4.0
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5
Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.5.1
Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.3.0
Oracle Access Manager version 7.0.4.3
Oracle Access Manager version 10.1.4.2
Oracle E-Business Suite Release 12 version 12.0.4
Oracle E-Business Suite Release 12 version 12.0.5
Oracle E-Business Suite Release 12 version 12.0.6
Oracle E-Business Suite Release 12 version 12.1.1
Oracle E-Business Suite Release 12 version 12.1.2
Oracle E-Business Suite Release 11i version 11.5.10.2
PeopleSoft Enterprise HCM (TAM) version 8.9
PeopleSoft Enterprise HCM (TAM) version 9.0
Oracle WebLogic Server versions 10.0 through MP2
Oracle WebLogic Server version 10.3.0
Oracle WebLogic Server version 10.3.1
Oracle WebLogic Server version 9.0 GA
Oracle WebLogic Server version 9.1 GA
Oracle WebLogic Server versions 9.2 through 9.2 MP3
Oracle WebLogic Server versions 8.1 through 8.1 SP6
Oracle WebLogic Server versions 7.0 through 7.0 SP7
Oracle JRockit version R27.6.5 and prior (JDK/JRE 6, 5, 1.4.2)
Primavera P6 Enterprise Project Portfolio Management version 6.1
Primavera P6 Enterprise Project Portfolio Management version 6.2.1
Primavera P6 Enterprise Project Portfolio Management version 7.0
Primavera P6 Web Services version 6.2.1
Primavera P6 Web Services version 7.0
Primavera P6 Web Services version 7.0SP1
 

SOLUCIÓN:

Aplicar los parches de Enero/2010 distribuidos por Oracle en:

http://www.oracle.com/technology/deploy/security/critical-patch-updates/...

 

VALORACIÓN DEL IMPACTO:       MUY ALTO


REFERENCIAS:

VUPEN: http://www.vupen.com/english/advisories/2010/0102
SECUNIA: http://secunia.com/advisories/38059
ORACLE: http://www.oracle.com/technology/deploy/security/critical-patch-updates/...

»