製品・ソフトウェアに関する情報

JVN脆弱性詳細

Oracle Database Server の Application Express における脆弱性

Title	Oracle Database Server の Application Express における脆弱性
Summary	Oracle Database Server の Application Express には、完全性に影響のある脆弱性が存在します。
Possible impacts	第三者により、情報を改ざんされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 16, 2013, midnight
Registration Date	April 18, 2013, 2:13 p.m.
Last Update	Nov. 8, 2013, 1:44 p.m.

Affected System

オラクル

Oracle Database の Application Express 4.2.1 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-1519	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1519
National Vulnerability Database (NVD)
2	CVE-2013-1519	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1519

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
opensuse-security-announce
1	SUSE-SU-2013:0810	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00005.html
2	SUSE-SU-2013:0811	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00006.html
Oracle Critical Patch Update
3	Oracle Critical Patch Update Advisory - April 2013	http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
4	Text Form of Oracle Critical Patch Update - April 2013 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpuapril2013verbose-1899563.html
Security Advisories
5	MDVSA-2013:150	http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:150/?name=MDVSA-2013:150
SECURITY BLOG
6	April 2013 Critical Patch Update Released	https://blogs.oracle.com/security/entry/april_2013_critical_patch_update

Change Log

No	Changed Details	Date of change
0	[2013年04月18日] 掲載 [2013年06月03日] ベンダ情報：Novell (SUSE-SU-2013:0811) を追加ベンダ情報：Novell (SUSE-SU-2013:0810) を追加 [2013年11月08日] ベンダ情報：Mandriva, Inc. (MDVSA-2013:150) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-1519

Summary	Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors.
Publication Date	April 17, 2013, 9:19 p.m.
Registration Date	Jan. 26, 2021, 3:36 p.m.
Last Update	Nov. 21, 2024, 10:49 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:oracle:database_server:4.2.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00005.html
2	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00005.html
3	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00006.html
4	http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00006.html
5	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
6	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
7	http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	Vendor Advisory
8	http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html	Vendor Advisory

Common Vulnerabilities List