Signature Detail

DB: Oracle Database Server Workspace Manager Command Injection

This signature detects attempts to exploit a known vulnerability against Oracle Database Server Workspace Manager. A successful attack can lead to arbitrary command injection.

Extended Description

Oracle has released the October 2008 critical patch update addressing 36 vulnerabilities affecting the following software: Oracle Database Oracle Application Server Oracle E-Business Suite Oracle PeopleSoft Enterprise PeopleTools Oracle PeopleSoft Enterprise Oracle JD Edwards EnterpriseOne Tools Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Workshop for WebLogic (formerly BEA WebLogic Workshop)

Affected Products

• BEA Systems Weblogic Server 10.0
• BEA Systems Weblogic Server 10.0 MP1
• BEA Systems Weblogic Server 10.3
• BEA Systems Weblogic Server 6.1.0
• BEA Systems Weblogic Server 6.1.0 SP 1
• BEA Systems Weblogic Server 6.1.0 SP 2
• BEA Systems Weblogic Server 6.1.0 SP 3
• BEA Systems Weblogic Server 6.1.0 SP 4
• BEA Systems Weblogic Server 6.1.0 SP 5
• BEA Systems Weblogic Server 6.1.0 SP6
• BEA Systems Weblogic Server 6.1.0 SP 7
• BEA Systems Weblogic Server 7.0.0
• BEA Systems Weblogic Server 7.0.0 .0.1
• BEA Systems Weblogic Server 7.0.0 .0.1 SP 1
• BEA Systems Weblogic Server 7.0.0 .0.1 SP 2
• BEA Systems Weblogic Server 7.0.0 .0.1 SP 3
• BEA Systems Weblogic Server 7.0.0 .0.1 SP 4
• BEA Systems Weblogic Server 7.0.0 SP 1
• BEA Systems Weblogic Server 7.0.0 SP 2
• BEA Systems Weblogic Server 7.0.0 SP 3
• BEA Systems Weblogic Server 7.0.0 SP 4
• BEA Systems Weblogic Server 7.0.0 SP 5
• BEA Systems Weblogic Server 7.0.0 SP 6
• BEA Systems Weblogic Server 7.0.0 SP 7
• BEA Systems Weblogic Server 7.0 SP7
• BEA Systems Weblogic Server 8.1
• BEA Systems Weblogic Server 8.1.0
• BEA Systems Weblogic Server 8.1.0 SP 1
• BEA Systems Weblogic Server 8.1.0 SP 2
• BEA Systems Weblogic Server 8.1.0 SP 3
• BEA Systems Weblogic Server 8.1.0 SP 4
• BEA Systems Weblogic Server 8.1.0 SP 5
• BEA Systems Weblogic Server 8.1.0 SP 6
• BEA Systems Weblogic Server 9.0
• BEA Systems Weblogic Server 9.1
• BEA Systems Weblogic Server 9.2
• BEA Systems Weblogic Server 9.2 Maintenance Pack 3
• BEA Systems WebLogic Workshop 10.0
• BEA Systems WebLogic Workshop 10.0 MP1
• BEA Systems WebLogic Workshop 10.2 GA
• BEA Systems WebLogic Workshop 10.3 GA
• BEA Systems WebLogic Workshop 8.1.0 SP 2
• BEA Systems WebLogic Workshop 8.1.0 SP 3
• BEA Systems WebLogic Workshop 8.1.0 SP 4
• BEA Systems WebLogic Workshop 8.1.0 SP 5
• BEA Systems WebLogic Workshop 8.1.0 SP 6
• BEA Systems WebLogic Workshop 9.0
• BEA Systems WebLogic Workshop 9.1
• BEA Systems WebLogic Workshop 9.2
• BEA Systems WebLogic Workshop 9.2
• Oracle E-Business Suite 11i 11.5.10.2
• Oracle E-Business Suite 12 12.0.4
• Oracle JD Edwards EnterpriseOne 8.97
• Oracle JD Edwards EnterpriseOne 8.98
• Oracle Oracle10g Application Server 10.1.2.3.0
• Oracle Oracle10g Application Server 10.1.3 .3.0
• Oracle Oracle10g Application Server 10.1.3 .4.0
• Oracle Oracle10g Application Server 9.0.4 3
• Oracle Oracle10g Enterprise Edition 10.1.0 .5
• Oracle Oracle10g Enterprise Edition 10.2.0 .2
• Oracle Oracle10g Enterprise Edition 10.2.0 .3
• Oracle Oracle10g Enterprise Edition 10.2.0.4
• Oracle Oracle10g Personal Edition 10.1.0.5
• Oracle Oracle10g Personal Edition 10.2.0 .2
• Oracle Oracle10g Personal Edition 10.2.0 .3
• Oracle Oracle10g Personal Edition 10.2.0.4
• Oracle Oracle10g Standard Edition 10.2.0 .2
• Oracle Oracle10g Standard Edition 10.2.0 .3
• Oracle Oracle10g Standard Edition 10.2.0.4
• Oracle Oracle11g Enterprise Edition 11.1.0 6
• Oracle Oracle11g Standard Edition 11.1.0 6
• Oracle Oracle11g Standard Edition One 11.1.0 6
• Oracle Oracle9i Enterprise Edition 9.2.0.8.0
• Oracle Oracle9i Enterprise Edition 9.2.0 .8DV
• Oracle PeopleSoft Enterprise Customer Relationship Manage 8.9
• Oracle PeopleSoft Enterprise Customer Relationship Manage 9.0
• Oracle PeopleSoft Enterprise PeopleTools 8.48.18
• Oracle PeopleSoft Enterprise PeopleTools 8.49.14

References

• BugTraq: 31683
• CVE: CVE-2008-3982
• CVE: CVE-2008-3983
• CVE: CVE-2008-3984
• URL: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2008.html