
Oracle Applications

RE: [Full-disclosure] ZDI-08-088: Oracle E-Business Suite Self-Service Web Applications SQL Injection Vulnerability

http://www.integrigy.com/Integrigy_Oracle_CPU_April_2007_Analysis.pdf

Vulnerability "anthropologists" may be interested in the fact that this
vulnerability has existed since at least September 1999 and likely was
introduced several years earlier with the release of Oracle Applications
11.0.  Oracle fixed this bug in less than 2 months by simply stubbing the
procedure - clearly this was old code not used anymore by the application.
I wonder how much first generation web application code exists in the world
that is still accessible but automated scanning tools miss since it is not
directly accessible through a link?

[Onapsis Security Advisory 2010-010] Oracle Virtual Server Agent Local Privilege Escalation

4. Affected Components Description
==================================

"Oracle VM is server virtualization software which fully supports both Oracle and non-Oracle applications. Oracle VM offers scalable, low-cost server
virtualization that is three times more efficient than existing server virtualization products from other vendors. Oracle has also announced
certification of key Oracle products including Oracle Database, Oracle Fusion Middleware, Oracle Applications, and Oracle Real Application Clusters
with Oracle VM."

"Oracle VM Manager communicates with Oracle VM Agent to create and manage guests on an Oracle VM Server. Oracle VM Agent is installed and configured

[Onapsis Security Advisory 2010-009] Oracle Virtual Server Agent Remote Command Execution

4. Affected Components Description
==================================

"Oracle VM is server virtualization software which fully supports both Oracle and non-Oracle applications. Oracle VM offers scalable, low-cost server
virtualization that is three times more efficient than existing server virtualization products from other vendors. Oracle has also announced
certification of key Oracle products including Oracle Database, Oracle Fusion Middleware, Oracle Applications, and Oracle Real Application Clusters
with Oracle VM."

"Oracle VM Manager communicates with Oracle VM Agent to create and manage guests on an Oracle VM Server. Oracle VM Agent is installed and configured

ZDI-09-017: Oracle Applications Server 10g Format String Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-017
April 14, 2009

-- Affected Vendors:
Oracle

-- Affected Products:
Oracle Application Server


[Onapsis Security Advisory 2010-008] Oracle Virtual Server Agent Arbitrary File Access

4. Affected Components Description
==================================

"Oracle VM is server virtualization software which fully supports both Oracle and non-Oracle applications. Oracle VM offers scalable, low-cost server
virtualization that is three times more efficient than existing server virtualization products from other vendors. Oracle has also announced
certification of key Oracle products including Oracle Database, Oracle Fusion Middleware, Oracle Applications, and Oracle Real Application Clusters
with Oracle VM."

"Oracle VM Manager communicates with Oracle VM Agent to create and manage guests on an Oracle VM Server. Oracle VM Agent is installed and configured



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
