Oracle PeopleSoft Enterprise和JD Edwards EnterpriseOne PeopleTools未明安全攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1112020 漏洞类型 未知
发布时间 2007-01-16 更新时间 2007-01-19
CVE编号 CVE-2007-0297 CNNVD-ID CNNVD-200701-209
漏洞平台 Multiple CVSS评分 4.0
|漏洞来源
https://www.exploit-db.com/exploits/29475
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-209
|漏洞详情
OraclePeopleSoftEnterprise和JDEdwardsEnterpriseOne8.47.11和8.48.06中存在未明漏洞。它在PeopleTools中有未知影响和攻击向量,又称PSE03。
|漏洞EXP
source: http://www.securityfocus.com/bid/22083/info

Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Various levels of authorization are needed to leverage some of the issues, but other issues do not require any authorization. The most severe of the vulnerabilities could possibly expose affected computers to complete compromise. 

http://www.example.com:1158/em/dynamicImage/emSDK/chart/EmChartBean?beanId=\..\..\..\..\..\..\..\..\..\..\..\..\test.txt
|参考资料

来源:US-CERT
名称:TA07-017A
链接:http://www.us-cert.gov/cas/techalerts/TA07-017A.html
来源:www.oracle.com
链接:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html
来源:SECUNIA
名称:23794
链接:http://secunia.com/advisories/23794
来源:XF
名称:oracle-cpu-jan2007(31541)
链接:http://xforce.iss.net/xforce/xfdb/31541
来源:BID
名称:22083
链接:http://www.securityfocus.com/bid/22083
来源:SECTRACK
名称:1017522
链接:http://securitytracker.com/id?1017522