Overview
Several vulnerabilities exist in the Portal and iSQL*Plus components of the Oracle Application Server. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system.
Description
Oracle Application Server 10g (9.0.4) versions 9.0.4.0 and 9.0.4.1, Oracle9i Application Server Release 2 versions 9.0.2.3 and 9.0.3.1, and Oracle9i Application Server Release 1 version 1.0.2.2 contain multiple vulnerabilities in the Portal and iSQL*Plus components. To exploit these vulnerabilities, an attacker would need to have network access to the vulnerable systems.
Impact
The complete impact of these vulnerabilities is not clear. Oracle has rated this issue as High. For more information about Oracle's severity ratings, please see: http://otn.oracle.com/deploy/security/pdf/oracle_severity_ratings.pdf
Solution
Apply the appropriate patch or upgrade as specified in the Oracle Security Alert #68 (pdf).
Acknowledgements
These vulnerabilities were discovered by several parties and reported in an Oracle Security Alert.
This document was written by Jason A Rafail.
Other Information
| CVE IDs: | None | 
| Severity Metric: | 27.42 | 
| Date Public: | 2004-08-31 | 
| Date First Published: | 2004-09-01 | 
| Date Last Updated: | 2004-09-01 18:34 UTC | 
| Document Revision: | 9 |