Vulnerability Name:

CVE-2007-3862 (CCN-35490)

Assigned: 2007-07-17
Published: 2007-07-17
Updated: 2017-07-29
Summary: Unspecified vulnerability in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 allows remote attackers to have an unknown impact via Oracle Single Sign On, aka AS01.
As the impact type is unspecified, it has been set to a default value of "Obtain Other Access (e.g. application account)."
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Informational
References:
Source: MITRE
Type: CNA
CVE-2007-3853

Source: MITRE
Type: CNA
CVE-2007-3854

Source: MITRE
Type: CNA
CVE-2007-3855

Source: MITRE
Type: CNA
CVE-2007-3856

Source: MITRE
Type: CNA
CVE-2007-3857

Source: MITRE
Type: CNA
CVE-2007-3858

Source: MITRE
Type: CNA
CVE-2007-3859

Source: MITRE
Type: CNA
CVE-2007-3860

Source: MITRE
Type: CNA
CVE-2007-3861

Source: MITRE
Type: CNA
CVE-2007-3862

Source: MITRE
Type: CNA
CVE-2007-3863

Source: MITRE
Type: CNA
CVE-2007-3864

Source: MITRE
Type: CNA
CVE-2007-3865

Source: MITRE
Type: CNA
CVE-2007-3866

Source: MITRE
Type: CNA
CVE-2007-3867

Source: MITRE
Type: CNA
CVE-2007-3868

Source: MITRE
Type: CNA
CVE-2007-3869

Source: MITRE
Type: CNA
CVE-2007-3870

Source: CCN
Type: HP Security Bulletin HPSBMA02133 SSRT061201 rev.5
HP Oracle for OpenView (OfO) Critical Patch Update

Source: HP
Type: UNKNOWN
SSRT061201

Source: SECUNIA
Type: Vendor Advisory
26114

Source: SECUNIA
Type: UNKNOWN
26166

Source: CCN
Type: SECTRACK ID: 1018415
Oracle Database and Other Products Have Unspecified Vulnerabilities With Unspecified Impact

Source: CCN
Type: iMPERVA Web site
Oracle EBS - XSS Vulnerability

Source: MISC
Type: UNKNOWN
http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf

Source: CCN
Type: US-CERT VU#322460
Oracle Collaboration Suite denial of service vulnerability

Source: CCN
Type: Oracle Critical Patch Update - July 2007
Oracle Critical Patch Update Advisory - July 2007

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html

Source: CCN
Type: OSVDB ID: 39962
Oracle PeopleSoft PeopleTools App Designer Component Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39963
Oracle PeopleSoft PeopleTools Reporting Run Control Parameters Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39964
Oracle PeopleSoft PeopleTools PIA Component Unspecified XSS (PSE03)

Source: CCN
Type: OSVDB ID: 39965
Oracle PeopleSoft Customer Relationship Management Online Marketing Unspecified Cleartext Password Disclosure

Source: CCN
Type: OSVDB ID: 39966
Oracle PeopleSoft Customer Relationship Management Online Marketing HTTP Unspecified Remote Issue (PSE05)

Source: CCN
Type: OSVDB ID: 39967
Oracle PeopleSoft Human Capital Management Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 39968
Oracle PeopleSoft Human Capital Management Unspecified Local Information Disclosure

Source: CCN
Type: OSVDB ID: 39969
Oracle Instant Messaging/Presence HTTP Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39971
Oracle Application Server Single Sign On (SSO) HTTP Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39972
Oracle JDeveloper JBO.KEY Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 39973
Oracle JDeveloper JBO.SERVER HTTP Unspecified Local Issue

Source: CCN
Type: OSVDB ID: 39974
Oracle Internet Directory LDAP Unspecified Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 39975
Oracle Database JavaVM DBMS_JAVA_TEST DBMS_PRVTAQIS SQL Injection

Source: CCN
Type: OSVDB ID: 39978
Oracle Database Data Mining DMSYS.DMP_SYS Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39983
Oracle Database Text Session Creation Unspecified Remote Issue (DB05)

Source: CCN
Type: OSVDB ID: 39984
Oracle Database Text CTXSYS.DRVXMD Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39985
Oracle Database Text CTXSYS.DRI_MOVE_CTXSYS Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39986
Oracle Database Text CTXSYS.DRVXMD Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39987
Oracle Database Text Session Creation Unspecified Remote Issue (DB09)

Source: CCN
Type: OSVDB ID: 39990
Oracle Database Rules Manager EXFSYS.DBMS_RLMGR_UTL Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39992
Oracle Database Program Interface Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 39993
Oracle Database JavaVM Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 39994
Oracle Database Spatial MDSYS.SDO_GEOR_INT Unspecified Remote DoS

Source: CCN
Type: OSVDB ID: 39998
Oracle E-Business Suite Customer Intelligence Unspecified Remote Unauthenticated Issue

Source: CCN
Type: OSVDB ID: 39999
Oracle E-Business Suite Configurator HTTP Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 40000
Oracle E-Business Suite iExpenses HTTP Unspecified Remote Issue

Source: CCN
Type: OSVDB ID: 40001
Oracle E-Business Suite Application Object Library HTTP Unspecified Remote Information Disclosure (APPS04)

Source: CCN
Type: OSVDB ID: 40002
Oracle E-Business Suite Application Object Library HTTP Unspecified Remote Information Disclosure (APPS05)

Source: CCN
Type: OSVDB ID: 40003
Oracle E-Business Suite Application Object Library HTTP Unspecified Remote Information Disclosure (APPS06)

Source: CCN
Type: OSVDB ID: 40004
Oracle E-Business Suite Customer Intelligence Unspecified Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 40005
Oracle E-Business Suite Payments Unspecified Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 40006
Oracle E-Business Suite Application Object Library Unspecified Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 40007
Oracle E-Business Suite Human Resources Unspecified Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 40008
Oracle E-Business Suite iRecruitment Administrator Unspecified Remote Information Disclosure

Source: CCN
Type: OSVDB ID: 40009
Oracle E-Business Suite Payables Payable User Unspecified Remote Information Disclosure (APPS12)

Source: CCN
Type: OSVDB ID: 40010
Oracle E-Business Suite Payables Payable User Unspecified Remote Information Disclosure (APPS13)

Source: CCN
Type: OSVDB ID: 40011
Oracle E-Business Suite Payables Payable User Unspecified Remote Information Disclosure (APPS14)

Source: CCN
Type: Red-Database-Security Web site
Details Oracle Critical Patch Update July 2007 - V1.01

Source: MISC
Type: UNKNOWN
http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html

Source: SECTRACK
Type: UNKNOWN
1018415

Source: CERT
Type: US Government Resource
TA07-200A

Source: VUPEN
Type: UNKNOWN
ADV-2007-2562

Source: VUPEN
Type: UNKNOWN
ADV-2007-2635

Source: XF
Type: UNKNOWN
oracle-cpu-july2007(35490)

Source: CCN
Type: IBM Internet Security Systems X-Force Database
Oracle Database SQL Compiler unauthorized View access

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.22:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.47:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:secure_enterprise_search:10.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_human_capital_management:8.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5::fips+:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.8dv:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:secure_enterprise_search:10.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:12.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.49:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_human_capital_management:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_customer_relationship_management:8.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_customer_relationship_management:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:9.2.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    oracle application server 9.0.4.3
    oracle application server 10.1.2.0.2
    oracle application server 1.0.2.2
    oracle application server 10.1.2.0.1 r2
    oracle application server 10.1.2.0.2 r2
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2
    oracle collaboration suite 10.1.2 r1
    oracle e-business suite 11.5.10
    oracle database server 10.2.0.2 r2
    oracle application server 9.0.4.3
    oracle peoplesoft enterprise peopletools 8.22
    oracle peoplesoft enterprise peopletools 8.47
    oracle peoplesoft enterprise peopletools 8.48
    oracle database server 9.2.0.8 r2
    oracle database server 10.2.0.3 r2
    oracle secure enterprise search 10.1.6
    oracle e-business suite 12.0.0
    oracle peoplesoft enterprise human capital management 8.9
    oracle database server 9.0.1.5
    oracle database server 9.2.0.8dv r2
    oracle secure enterprise search 10.1.8
    oracle e-business suite 12.0.1
    oracle peoplesoft enterprise peopletools 8.49
    oracle peoplesoft enterprise human capital management 9.0
    oracle peoplesoft enterprise customer relationship management 8.9
    oracle peoplesoft enterprise customer relationship management 9.0
    oracle e-business suite 11.5.8
    oracle e-business suite 11.5.9
    oracle http server 9.2.0