Oracle Database

ソフト名：Oracle Database 10.1.0.5/10.2.0.3/10.2.0.4/10.2.0.5/11.1.0.7/11.2.0.1/11.2.0.2

回避策：アップデートにて対応

脆弱性：データ操作, 機密情報の奪取, 権限の昇格, DoS攻撃, システムアクセス, 不正アクションの実行, リモートコード実行, 不正アクセス

ソース：http://www.oracle.com/us/products/database/index.html

http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html#AppendixDB

http://secunia.com/advisories/45274/

http://secunia.com/advisories/45275/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0811

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0816

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0822

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0830

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0831

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0832

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0835

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0838

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0848

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0852

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0870

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0875

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0876

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0877

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0879

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0880

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0881

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0882

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2230

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2231

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2232

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2238

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2239

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2240

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2242

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2243

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2244

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2248

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2257

CVE：CVE-2011-0811, CVE-2011-0816, CVE-2011-0822, CVE-2011-0830, CVE-2011-0831, CVE-2011-0832, CVE-2011-0835, CVE-2011-0838, CVE-2011-0848, CVE-2011-0852, CVE-2011-0870, CVE-2011-0875, CVE-2011-0876, CVE-2011-0877, CVE-2011-0879, CVE-2011-0880, CVE-2011-0881, CVE-2011-0882, CVE-2011-2230, CVE-2011-2231, CVE-2011-2232, CVE-2011-2238, CVE-2011-2239, CVE-2011-2240, CVE-2011-2242, CVE-2011-2243, CVE-2011-2244, CVE-2011-2248, CVE-2011-2257

危険性：Medium Risk

Oracle Database, Oracle WebLogic Server

ソフト名：Oracle Database 10g Release 1 version 10.1.0.5/Release 2 versions 10.2.0.3/10.2.0.4/10.2.0.5/11g Release 1 version 11.1.0.7/Release 2 versions 11.2.0.1/11.2.0.2, Oracle WebLogic Server 8.1.6/9.2.3/9.2.4/10.0.2/11gR1 (10.3.2, 10.3.3, 10.3.4)

回避策：あり

脆弱性：データ操作, 機密情報の奪取, DoS攻撃, システムアクセス, 不特定のエラー, リモートコード実行, 無限ループ

ソース：http://www.oracle.com/us/products/database/index.html

http://www.oracle.com/us/products/database/index.html

http://www.oracle.com/us/corporate/Acquisitions/bea/index.html?CNT=index.htm&FP=/content/products/server/&origref=http://secunia.com/advisories/product/1360/

http://www.oracle.com/us/corporate/Acquisitions/bea/index.html?CNT=index.htm&FP=/content/products/weblogic/server&origref=http://secunia.com/advisories/product/5822/

http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html#AppendixDB

http://secunia.com/advisories/37291/

http://secunia.com/advisories/44228/

http://secunia.com/advisories/44246/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0785

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0787

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0792

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0793

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0799

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0804

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0805

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0806

CVE：CVE-2009-3555, CVE-2011-0785, CVE-2011-0787, CVE-2011-0792, CVE-2011-0793, CVE-2011-0799, CVE-2011-0804, CVE-2011-0805, CVE-2011-0806

危険性：Medium Risk

Oracle Database

ソフト名：Oracle Database 10.x/11.2.0.1.0
回避策：未対応
脆弱性：システムアクセス, バッファオーバーフロー, リモートコード実行
ソース：http://www.oracle.com/us/products/database/index.html
http://secunia.com/advisories/43337/
危険性：Medium Risk

Oracle Enterprise Manager, Oracle Database

ソフト名：Oracle Enterprise Manager 10.x, Oracle Database 10.1.0.5～11.2.0.1
回避策：あり
脆弱性：不正アクセス, リモートファイルアップロード, リモートコード実行, データ操作, 機密情報の奪取, 権限の昇格, 不特定のエラー
ソース：http://www.oracle.com/technetwork/products/oem/index.html
http://www.oracle.com/us/products/database/index.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://www.zerodayinitiative.com/advisories/ZDI-11-018/
http://secunia.com/advisories/42921/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4423
CVE：CVE-2010-3590, CVE-2010-3600, CVE-2010-4413, CVE-2010-4420, CVE-2010-4421, CVE-2010-4423
危険性：High Risk