Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:ORACLE:SRV-OPMN-FS

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Oracle Application Server 10g OPMN Service Format String Vulnerability

Release Date

 2010/10/25

Update Number

 1798

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle Application Server 10g OPMN Service Format String Vulnerability


This signature detects attempts to exploit a known format string vulnerability in Oracle Application Server. It is due to improper handling of user data when logging the events. A remote attacker can exploit this by sending specially crafted request to the target system. A successful attack can allow remote code execution.

Extended Description

Oracle has released the April 2009 critical patch update that addresses 43 vulnerabilities affecting the following software: Oracle Database Oracle Audit Vault Oracle Application Server Oracle Outside In SDK HTML Export Oracle XML Publisher Oracle BI Publisher Oracle E-Business Suite PeopleSoft Enterprise PeopleTools PeopleSoft Enterprise HRMS Oracle WebLogic Server (formerly BEA WebLogic Server) Oracle Data Service Integrator Oracle AquaLogic Data Services Platform Oracle JRockit

Affected Products

  • BEA Systems WebLogic Portal 8.1.0
  • BEA Systems WebLogic Portal 8.1.0 SP1
  • BEA Systems WebLogic Portal 8.1.0 SP2
  • BEA Systems WebLogic Portal 8.1.0 SP3
  • BEA Systems WebLogic Portal 8.1.0 SP4
  • BEA Systems WebLogic Portal 8.1.0 SP5
  • BEA Systems WebLogic Portal 8.1.0 SP6
  • BEA Systems Weblogic Server 10.0
  • BEA Systems Weblogic Server 10.0 MP1
  • BEA Systems Weblogic Server 10.3
  • BEA Systems Weblogic Server 7.0.0
  • BEA Systems Weblogic Server 7.0.0 .0.1
  • BEA Systems Weblogic Server 7.0.0 .0.1 SP 1
  • BEA Systems Weblogic Server 7.0.0 .0.1 SP 2
  • BEA Systems Weblogic Server 7.0.0 .0.1 SP 3
  • BEA Systems Weblogic Server 7.0.0 .0.1 SP 4
  • BEA Systems Weblogic Server 7.0.0 SP 1
  • BEA Systems Weblogic Server 7.0.0 SP 2
  • BEA Systems Weblogic Server 7.0.0 SP 3
  • BEA Systems Weblogic Server 7.0.0 SP 4
  • BEA Systems Weblogic Server 7.0.0 SP 5
  • BEA Systems Weblogic Server 7.0.0 SP 6
  • BEA Systems Weblogic Server 7.0.0 SP 7
  • BEA Systems Weblogic Server 7.0 SP7
  • BEA Systems Weblogic Server 8.1.0
  • BEA Systems Weblogic Server 8.1.0 SP 1
  • BEA Systems Weblogic Server 8.1.0 SP 2
  • BEA Systems Weblogic Server 8.1.0 SP 3
  • BEA Systems Weblogic Server 8.1.0 SP 4
  • BEA Systems Weblogic Server 8.1.0 SP 5
  • BEA Systems Weblogic Server 8.1.0 SP 6
  • BEA Systems Weblogic Server 9.0
  • BEA Systems Weblogic Server 9.1
  • BEA Systems Weblogic Server 9.2
  • BEA Systems Weblogic Server 9.2 Maintenance Pack 3
  • Oracle AquaLogic Data Services Platform 3.0
  • Oracle AquaLogic Data Services Platform 3.0.1
  • Oracle AquaLogic Data Services Platform 3.2
  • Oracle Audit Vault 10.2.3
  • Oracle BI Publisher 10.1.3.3.0
  • Oracle BI Publisher 10.1.3.3.1
  • Oracle BI Publisher 10.1.3.3.2
  • Oracle BI Publisher 10.1.3.3.3
  • Oracle BI Publisher 10.1.3.4
  • Oracle Data Service Integrator 10.3.0
  • Oracle E-Business Suite 11i 11.5.10.2
  • Oracle E-Business Suite 12 12.0.6
  • Oracle JRockit R27.1.0
  • Oracle JRockit R27.6.0
  • Oracle JRockit R27.6.2
  • Oracle Oracle10g Application Server 10.1.2
  • Oracle Oracle10g Application Server 10.1.2.3.0
  • Oracle Oracle10g Enterprise Edition 10.1.0 .5
  • Oracle Oracle10g Enterprise Edition 10.2.0 .3
  • Oracle Oracle10g Enterprise Edition 10.2.0.4
  • Oracle Oracle10g Personal Edition 10.1.0.5
  • Oracle Oracle10g Personal Edition 10.2.0 .3
  • Oracle Oracle10g Personal Edition 10.2.0.4
  • Oracle Oracle10g Standard Edition 10.1.0 .5
  • Oracle Oracle10g Standard Edition 10.2.0 .3
  • Oracle Oracle10g Standard Edition 10.2.0.4
  • Oracle Oracle11g Enterprise Edition 11.1.0 6
  • Oracle Oracle11g Enterprise Edition 11.1.0.7
  • Oracle Oracle11g Standard Edition 11.1.0 6
  • Oracle Oracle11g Standard Edition One 11.1.0 6
  • Oracle Oracle9i Enterprise Edition 9.2.0.8.0
  • Oracle Oracle9i Enterprise Edition 9.2.0 .8DV
  • Oracle Oracle9i Personal Edition 9.2.0 .8
  • Oracle Oracle9i Personal Edition 9.2.0 .8DV
  • Oracle Oracle9i Standard Edition 9.2.0.8
  • Oracle Oracle9i Standard Edition 9.2.0 .8DV
  • Oracle Outside In SDK HTML Export 8.2.2
  • Oracle Outside In SDK HTML Export 8.3.0
  • Oracle PeopleSoft Enterprise HRMS 8.9
  • Oracle PeopleSoft Enterprise HRMS 9.0
  • Oracle PeopleSoft Enterprise PeopleTools 8.49
  • Oracle Weblogic Server 10.3
  • Oracle XML Publisher 10.1.3.2
  • Oracle XML Publisher 10.1.3.2.1
  • Oracle XML Publisher 5.6.2

References

  • BugTraq: 34461
  • CVE: CVE-2009-0993

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out