Published: 2009-04-18T08:02+00:00
Last Updated: 2009-04-18T08:02+00:00
JVNTR-2009-11
Oracle Updates for Multiple Vulnerabilities - April 2009 (TA09-105A)
Overview
Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service.
Event Information
| Date (UTC) | Description |
| 2009-04-15 19:42 |
US-CERT TA09-105A: Oracle Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2009-04-15 13:03 |
US-CERT Oracle Releases Critical Patch Update for April 2009 US-CERT Current Activity Oracle has released their Critical Patch Update for April 2009 to address 43 vulnerabilities across several products. |
| 2009-04-14 22:40 |
Oracle Oracle Critical Patch Update Advisory - January 2009 |
| 2009-04-14 21:38 |
SANS Internet Storm Center Oracle quarterly patches Oracle also released their quarterly load of patches today. |
| 2007-11-07 |
Zero Day Initiative (ZDI) ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability Vulnerability Reported The specific flaw exists within the Oracle Process Manager and Notification (opmn) daemon which is an HTTP daemon listening on a TCP port above 6000. The daemon fails to properly handle format string tokens in the POST URI when logging to the file $ORACLE_HOME/opmn/logs/opmn.log. Exploitation of this issue can result in arbitrary code execution. |