Release date:
Updated on:
Affected Systems:
Oracle Application Server 10.1.3.5.0
Oracle Oracle10g Enterprise Edition
Oracle Oracle10g Personal Edition
Oracle Oracle10g Standard Edition
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 48755
CVE ID: CVE-2011-2232
Oracle Application Server is an application development and management platform that provides a new enterprise application framework for building enterprise web systems.
Oracle Application Server has a remote security vulnerability in its implementation of XML Developer Kit. A remote attacker who has an authenticated session can exploit it over different protocols to gain full control of XML Developer Kit and execute arbitrary code in it.
<* Source: Oracle
Link: http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Oracle
------
Oracle has released a security bulletin (cpujuly2011-313328) and patches for this issue:
cpujuly2011-313328: Oracle Critical Patch Update Advisory - July 2011
Link: http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html