Intrusion Prevention

Oracle.Evil.View.Change.Password

Description

Multiple vulnerabilities have been identified in Oracle Database, including SQL injection issues and unauthorized operation issues. Remote unauthorized attackers could exploit these vulnerabilities to arbitrarily manipulate data in the database.

Affected Products

Oracle Corporation: Oracle Application Express 1.5 - 2.2
Oracle Corporation: Oracle Application Server 10g 9.0.4.3
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.1
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.0.2
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.1.0
Oracle Corporation: Oracle Application Server 10g Release 2 10.1.2.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.0.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.1.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.2.0
Oracle Corporation: Oracle Application Server 10g Release 3 10.1.3.3.0
Oracle Corporation: Oracle Collaboration Suite 10g Release 1 10.1.2.0
Oracle Corporation: Oracle Database 10g Release 1 10.1.0.5
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.2
Oracle Corporation: Oracle Database 10g Release 2 10.2.0.3
Oracle Corporation: Oracle E-Business Suite Release 11i 11.5.8 - 11.5.10 CU2
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.0
Oracle Corporation: Oracle E-Business Suite Release 12 12.0.1
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Customer Rel Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 8.9
Oracle Corporation: Oracle PeopleSoft Ent Human Capital Mgmt 9.0
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.22
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.47
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.48
Oracle Corporation: Oracle PeopleSoft Enterprise PeopleTools 8.49
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.6
Oracle Corporation: Oracle Secure Enterprise Search 10g 10.1.8
Oracle Corporation: Oracle9i Application Server Release 1 1.0.2.2
Oracle Corporation: Oracle9i Database Release 1 9.0.1.5 FIPS+
Oracle Corporation: Oracle9i Database Release 2 9.2.0.7
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8
Oracle Corporation: Oracle9i Database Release 2 9.2.0.8DV

Impact

Privilege escalation.

Recommended Actions

The vendor has released a patch to fix this issue. Please refer to its website for more information.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html

CVE References

CVE-2007-3855