Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities


Description   Multiple vulnerabilities have been identified in various Oracle products, which could be exploited by remote or local attackers to cause a denial of service, execute arbitrary commands, read and overwrite arbitrary data, disclose sensitive information, conduct SQL injection and cross site scripting attacks, or bypass security restrictions. These issues are caused by errors in the Import, Export, Oracle Text, Spatial, Workspace Manager, Advanced Security Option, Core RDBMS, Database Control, Oracle Database Vault, Oracle Net Services, XML DB, Oracle Internet Directory, Oracle Help for Web, Advanced Queuing, SQL Execution, Oracle Process Mgmt & Notification, Oracle Portal, Oracle HTTP Server, Oracle Containers for J2EE, Oracle Single Sign-On, Oracle Application Object Library, Oracle Contracts Integration, Oracle Public Sector Human Resources, Oracle Marketing, Oracle Quoting, Oracle Exchange and Oracle Self-Service Web Applications components.
     
Vulnerable Products   Vulnerable Software:
Oracle Database 10g Release 2 version 10.2.0.2Oracle Database 10g Release 2 version 10.2.0.3Oracle Database 10g version 10.1.0.5Oracle Database 9i Release 2 version 9.2.0.8Oracle Database 9i Release 2 version 9.2.0.8DVOracle Application Server 10g Release 3 (10.1.3) version 10.1.3.0.0Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.1.0Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.2.0Oracle Application Server 10g Release 3 (10.1.3) version 10.1.3.3.0Oracle Application Server 10g Release 2 (10.1.2) versions 10.1.2.0.1 through 10.1.2.0.2Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.1.0Oracle Application Server 10g Release 2 (10.1.2) version 10.1.2.2.0Oracle Application Server 10g (9.0.4) version 9.0.4.3Oracle Collaboration Suite 10g version 10.1.2Oracle E-Business Suite Release 12 versions 12.0.0 through 12.0.3Oracle E-Business Suite Release 11i versions 11.5.8 through 11.5.10 CU2Oracle Enterprise Manager Database Control 10g Release 2 version 10.2.0.2Oracle Enterprise Manager Database Control 10g Release 2 version 10.2.0.3Oracle Enterprise Manager Database Control 10g Release 1 version 10.1.0.5Oracle Enterprise Manager Grid Control 10g Release 1 version 10.1.0.5Oracle Enterprise Manager Grid Control 10g Release 1 version 10.1.0.6Oracle PeopleSoft Enterprise PeopleTools version 8.22Oracle PeopleSoft Enterprise PeopleTools version 8.47Oracle PeopleSoft Enterprise PeopleTools version 8.48Oracle PeopleSoft Enterprise PeopleTools version 8.49Oracle PeopleSoft Enterprise Human Capital Management version 8.9 (Absence Management Module)Oracle PeopleSoft Enterprise Human Capital Management version 9.0 (Absence Management Module)
     
Solution   Apply Oracle Critical Patch Update (October 2007) : http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
     
CVE   CVE-2007-5897
CVE-2007-5766
CVE-2007-5534
CVE-2007-5533
CVE-2007-5532
CVE-2007-5531
CVE-2007-5530
CVE-2007-5529
CVE-2007-5528
CVE-2007-5527
CVE-2007-5526
CVE-2007-5525
CVE-2007-5524
CVE-2007-5523
CVE-2007-5522
CVE-2007-5521
CVE-2007-5520
CVE-2007-5519
CVE-2007-5518
CVE-2007-5517
CVE-2007-5516
CVE-2007-5515
CVE-2007-5514
CVE-2007-5513
CVE-2007-5512
CVE-2007-5511
CVE-2007-5510
CVE-2007-5509
CVE-2007-5508
CVE-2007-5507
CVE-2007-5506
CVE-2007-5505
CVE-2007-5504
     
References   http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2007.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
SQL injection Prevention - POST : suspicious SELECT statement in data
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - POST : possible version probing in data
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - POST : suspicious OPENQUERY statement in data
3.2.0
SQL injection Prevention - POST : suspicious CREATE statement in data
3.2.0
SQL injection Prevention - POST : suspicious UPDATE statement in data
3.2.0
SQL injection Prevention - POST : suspicious UNION statement in data
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - POST : suspicious DROP statement in data
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
SQL injection Prevention - POST : suspicious INSERT statement in data
3.2.0
SQL injection Prevention - POST : suspicious OR statement in data
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
SQL injection Prevention - POST : suspicious EXEC statement in data
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - POST : suspicious OPENROWSET statement in data
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
SQL injection Prevention - POST : suspicious HAVING statement in data
3.2.0
SQL injection Prevention - GET : suspicious SQL statement in header
4.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2007-10-17 

 Target Type 
Server 

 Possible exploit 
Local & Remote