Security Vulnerabilities on OAS 10.1.2.3

844233 Mar 2 2011 — edited Mar 4 2011
Hello,

I installed the latest security patch 10031947 on my server (Infra & Midtier), and after a new security scan I'm still receiving the following vulnerabilities:

However, the patches did not resolve the following vulnerabilities and they still exist.
• PM12041 Open ipnsec cve-2010-0067 SSDEAPP10[204.53.90.45] - FOUNDSCAN HIGH VULN #7686.
ORACLE APPLICATION SERVER ORACLE CONTAINERS FOR J2EE COMPONENT REMOTE CODE EXECUTION VULNERABILITY

• PM12045 Open ipnsec cve-2009-0217 SSDEAPP10[204.53.90.45] - FOUNDSCAN MEDIUM VULN #7089.
ORACLE APPLICATION SERVER SECURITY DEVELOPER TOOLS COMPONENT HMAC TRUNCATION AUTHENTICATION BYPASS VULNERABILITY

• PM12044 Open ipnsec cve-2009-1976 SSDEAPP10[204.53.90.45] - FOUNDSCAN MEDIUM VULN #7092.
ORACLE APPLICATION HTTP SERVER COMPONENT UNSPECIFIED VULNERABILITY (CVE-2009-1976)

• PM12043 Open ipnsec cve-2009-3407 SSDEAPP10[204.53.90.45] - FOUNDSCAN MEDIUM VULN #7283.
ORACLE APPLICATION SERVER PORTAL COMPONENT UNSPECIFIED VULNERABILITY (CVE-2009-3407)

• PM12040 Open ipnsec cve-2009-0974 SSDEAPP10[204.53.90.45] - FOUNDSCAN MEDIUM VULN #7961.
ORACLE APPLICATION SERVER PORTAL UNSPECIFIED REMOTE DENIAL OF SERVICE VULNERABILITY

• PM12039 Open ipnsec cve-2009-0983 SSDEAPP10[204.53.90.45] - FOUNDSCAN MEDIUM VULN #7991.
ORACLE APPLICATION SERVER PORTAL REMOTE DENIAL OF SERVICE VULNERABILITY


How can I find the correct patches to eliminate the listed vulnerabilities?

Thanks in advance.

Veronica.
Post Details
Locked on Apr 1 2011
Added on Mar 2 2011