受影响系统:
Oracle Retail Plan In-Season 12.2
Oracle Retail Place In-Season 12.2
Oracle Retail Markdown Optimization 13.1
Oracle Thesaurus Management System 4.6.1
Oracle Thesaurus Management System 4.6
Oracle Thesaurus Management System 4.5.2
Oracle Clinical Remote Data Capture Option 4.6
Oracle Clinical Remote Data Capture Option 4.5.3
Oracle Communications Unified Inventory Management 7.1
描述:
Oracle行业应用产品包含有为多个行业定制的各种应用软件。
Oracle行业应用产品套件中的应用于通讯行业的Oracle Communications Unified Inventory Management组件、应用于生命科学行业的Oracle Clinical Remote Data Capture Option组件、Oracle Thesaurus Management System组件和应用于零售业的Oracle Retail Markdown Optimization组件、Oracle Retail Place In-Season、 Oracle Retail Plan In-Season组件中存在多个安全漏洞。远程攻击者可以通过HTTP协议来利用这些漏洞,导致完全入侵服务器系统。
<*来源:Oracle
链接:http://secunia.com/advisories/39257/
http://secunia.com/advisories/39443/
http://secunia.com/advisories/39139/
http://secunia.com/advisories/39339/
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
http://www.us-cert.gov/cas/techalerts/TA10-103B.html
*>
建议:
厂商补丁:
Oracle
——
Oracle已经为此发布了一个安全公告(cpuapr2010)以及相应补丁:
cpuapr2010:Oracle Critical Patch Update Advisory – April 2010
链接:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2010.html
0 条评论。