VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

VRDA-100113-001

Oracle Updates for Multiple Vulnerabilities

http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2010.html

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. It also includes non-security fixes that are required (because of interdependencies) by those security patches. Critical Patch Updates are cumulative, except as noted below, but each advisory describes only the security fixes added since the previous Critical Patch Update. Thus, prior Critical Patch Update Advisories should be reviewed for information regarding earlier accumulated security fixes.

About This Analysis Information

Analysis Information Provider:

JPCERT/CC

First Published:

2010-01-13

Source Information Category:

Advisory, Alert

Last Updated:

2010-01-13

Affected Product Tags

cpe:/a:oracle:application_server (Oracle Application Server)

cpe:/a:oracle:database_server (Oracle Database Server)

cpe:/a:oracle:e-business_suite (Oracle E-Business Suite)

lapt:/a:oracle:oracle_access_manager (Oracle Access Manager)

lapt:/a:oracle:oracle_jrockit (Oracle JRockit)

lapt:/a:oracle:peoplesoft_enterprise_hcm (PeopleSoft Enterprise HCM)

lapt:/a:oracle:primavera_p6_enterprise_project_portfolio_management (Primavera P6 Enterprise Project Portfolio Management)

lapt:/a:oracle:primavera_p6_web_services (Primavera P6 Web Services)

lapt:/a:oracle:weblogic_server (Bea Weblogic Server)

Vulnerability Analysis Results

[Information Source Reliability]^[?]

Low^[?]

Medium^[?]

High^[?]

[Impact Level]^[?]

Low^[?]

Low-Medium^[?]

Medium-High^[?]

High^[?]

[Access Required]^[?]

Physical^[?]

Local^[?]

Non-routed^[?]

Routed^[?]

[Authentication]^[?]

Privileged^[?]

Standard^[?]

Limited^[?]

None or Unnecessary^[?]

[User Interaction Required]^[?]

Complex^[?]

Simple^[?]

None^[?]

[Technical Difficulty]^[?]

High^[?]

Medium-High^[?]

Low-Medium^[?]

Low^[?]

[Availability of Remediation]^[?]

Official Patch^[?]

Official Workaround^[?]

Unofficial Patch^[?]

None^[?]

[Incident Activity]^[?]

None^[?]

Exploit or PoC^[?]

Activity Observed^[?]

Alternatives

References

Common Vulnerabilities and Exposures (CVE) CVE-2010-0071

Common Vulnerabilities and Exposures (CVE) CVE-2009-3415

Common Vulnerabilities and Exposures (CVE) CVE-2010-0076

Common Vulnerabilities and Exposures (CVE) CVE-2009-3411

Common Vulnerabilities and Exposures (CVE) CVE-2009-3414

Common Vulnerabilities and Exposures (CVE) CVE-2009-1996

Common Vulnerabilities and Exposures (CVE) CVE-2009-3410

Common Vulnerabilities and Exposures (CVE) CVE-2009-3413

Common Vulnerabilities and Exposures (CVE) CVE-2009-3412

Common Vulnerabilities and Exposures (CVE) CVE-2010-0072

Common Vulnerabilities and Exposures (CVE) CVE-2010-0066

Common Vulnerabilities and Exposures (CVE) CVE-2010-0067

Common Vulnerabilities and Exposures (CVE) CVE-2010-0070

Common Vulnerabilities and Exposures (CVE) CVE-2010-0077

Common Vulnerabilities and Exposures (CVE) CVE-2010-0075

Common Vulnerabilities and Exposures (CVE) CVE-2009-3416

Common Vulnerabilities and Exposures (CVE) CVE-2010-0080

Common Vulnerabilities and Exposures (CVE) CVE-2010-0079

Common Vulnerabilities and Exposures (CVE) CVE-2010-0068

Common Vulnerabilities and Exposures (CVE) CVE-2010-0074

Common Vulnerabilities and Exposures (CVE) CVE-2010-0078

Common Vulnerabilities and Exposures (CVE) CVE-2010-0069

Common Vulnerabilities and Exposures (CVE) CVE-2009-2625

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java RuntimeEnvironment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE5.0 before Update 20, and in other products, allows remote attackersto cause a denial of service (infinite loop and application hang) viamalformed XML input, as demonstrated by the Codenomicon XML fuzzingframework.