{"vuid":"VU#435974","idnumber":"435974","name":"Oracle Application Server contains several vulnerabilities","keywords":["Oracle","Application Server","Portal","iSQL*Plus"],"overview":"Several vulnerabilities exist in the Portal and iSQL*Plus components of the Oracle Application Server. According to the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system.","clean_desc":"Oracle Application Server 10g (9.0.4) versions 9.0.4.0 and 9.0.4.1, Oracle9i Application Server Release 2 versions 9.0.2.3 and 9.0.3.1 and Oracle9i Application Server Release 1 version 1.0.2.2 contain multiple vulnerabilities in the Portal and iSQL*Plus components. In order to exploit these vulnerabilities an attacker would need to have network access to the vulnerable systems.","impact":"The complete impact of these vulnerabilities is not clear. Oracle has rated this issue as High. For more information about Oracle's severity ratings please see: http://otn.oracle.com/deploy/security/pdf/oracle_severity_ratings.pdf","resolution":"Apply the appropriate patch or upgrade as specified in the Oracle Security Alert #68 (pdf). 
For sites that use Oracle's Collaboration Suite or E-Business Suite 11i, please see Oracle Security Alert #68 (pdf) for remediation instructions.","workarounds":"","sysaffected":"","thanks":"These vulnerabilities were discovered by several parties and reported in an Oracle Security Alert.","author":"This document was written by Jason A Rafail.","public":["http://www.oracle.com/technology/deploy/security/alerts.htm","http://www.securitytracker.com/alerts/2004/Aug/1011110.html","http://secunia.com/advisories/12409/","http://www.oracle.com/technology/deploy/security/alerts.htm","http://www.securitytracker.com/alerts/2004/Sep/1011126.html"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-09-01T14:45:12Z","publicdate":"2004-08-31T00:00:00Z","datefirstpublished":"2004-09-01T18:11:00Z","dateupdated":"2004-09-01T18:34:10Z","revision":9,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"13","cam_attackeraccessrequired":"15","cam_scorecurrent":"27.421875","cam_scorecurrentwidelyknown":"32.90625","cam_scorecurrentwidelyknownexploited":"54.84375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":27.421875,"vulnote":null}