Thinking OPEN

Posts Tagged ‘application_server’

Application Server 10.1.4.2 and prior [Medium]

By Security Team • Oct 22nd, 2009 • Category: Security Notifications

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors….

CVE Identifier: CVE-2009-3407
Vulnerability Type(s):
Severity: Medium



Application Server 10.1.3.4.1 [Low]

By Security Team • Oct 22nd, 2009 • Category: Security Notifications

Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors….

CVE Identifier: CVE-2009-1990
Vulnerability Type(s):
Severity: Low



Application Server [Medium]

By Security Team • Oct 22nd, 2009 • Category: Security Notifications

Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors….

CVE Identifier: CVE-2009-1999
Vulnerability Type(s):
Severity: Medium



Application Server 10.3 and prior [Medium]

By Security Team • Jul 14th, 2009 • Category: Security Notifications

The design of the W3C XML Signature Syntax and Processing (XMLDsig) standard, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; and other products uses a parameter that defines an HMAC truncation length but does not require a minimum for this length, which allows attackers to bypass HMAC protection and spoof HMAC-based signatures by specifying a truncation length with a small number of bits….

CVE Identifier: CVE-2009-0217
Vulnerability Type(s):
Severity: Medium



Application Server 10.1.2.3 [Medium]

By Security Team • Jul 14th, 2009 • Category: Security Notifications

Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors….

CVE Identifier: CVE-2009-1976
Vulnerability Type(s):
Severity: Medium



Application Server 10.3 and prior [Medium]

By Security Team • Jul 14th, 2009 • Category: Security Notifications

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits….

CVE Identifier: CVE-2009-0217
Vulnerability Type(s):
Severity: Medium



Application Server 10.3 and prior [Medium]

By Security Team • Jul 14th, 2009 • Category: Security Notifications

The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, and 8.1 SP6; (3) Mono before 2.4.2.2; (4) XML Security Library before 1.2.12; (5) IBM WebSphere Application Server Versions 6.0 through 6.0.2.33, 6.1 through 6.1.0.23, and 7.0 through 7.0.0.1; (6) Sun JDK and JRE Update 14 and earlier; and other products uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits….

CVE Identifier: CVE-2009-0217
Vulnerability Type(s):
Severity: Medium



Application Server 8.3.0 and prior [Medium]

By Security Team • Apr 15th, 2009 • Category: Security Notifications

Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML….

CVE Identifier: CVE-2009-1011
Vulnerability Type(s):
Severity: Medium