Vulnerability CVE-2013-3749 in Oracle EBS
Hi all
How solve this vulnerability CVE-2013-3749 in Oracle EBS other that to apply the patch JUL2013 CPU, as shown in the link, below, is it possible that we can trace/identify and update accordingly, log files or tables where information is trapped in the place as part of this vulnerability?
Package Oracle Critical Patch Update - July 2013
Thank you
Moor
You can find some details in (potential Logging of E-Business Suite Passwords (Doc ID 1579709.1)).
Thank you
Hussein
Tags: Oracle Applications
Similar Questions
-
Cold Oracle EBS backup and restore does not work
Hello
I made a backup with tar, while the database is open and not in mode archive (archivelog disabled) and restored on another machine.
OS = AIX 5.3
Oracle EBS 11.5.9
9i database
When I started the database I had errors.
Is there a metalink document that will help me to recover the database?
I followed the following Metalink:
Database startup fails with ORA-01113, ORA-01110 errors [146039.1 ID]
Common causes and Solutions in case of error ORA-1113 in backup & recovery [ID 183367.1]
However, I note that the foregoing applies in the case of archivelogs = active
My case: archivelogs = disabled
SQL > startup mount pfile=/oracle/proddb/9.2.0/dbs/initPROD.ora
ORACLE instance started.
Total System Global Area 615482512 bytes
Bytes of size 742544 fixed
436207616 variable size bytes
167772160 of database buffers bytes
Redo buffers 10760192 bytes
Mounted database.
SQL > SELECT V1. FILE NO., NAME
V $ BACKUP V1, V$ DATAFILE V2
WHERE V1. STATUS = 'ACTIVE' AND V1. FILE # = V2. FILE NO.; 2 3
no selected line
SQL > restore database using backup controlfile until cancel;
ORA-00279: change 3368247542 September at 10/02/2013 03:07:21 needed for thread
1
ORA-00289: suggestion: /oracle/proddb/9.2.0/dbs/arch1_637.dbf
ORA-00280: change 3368247542 thread 1 is in sequence #637
Specify the log: {< RET > = suggested |} Filename | AUTO | CANCEL}
Cancel
ORA-01547: WARNING: RECOVER succeeded but OPEN RESETLOGS would get below error
ORA-01194: file 1 needs a recovery more match
ORA-01110: data file 1: ' / oracle/proddata/system01.dbf'
ORA-01112: media recovery not started
SQL > restore database using backup controlfile until cancel;
ORA-00279: change 3368247542 September at 10/02/2013 03:07:21 needed for thread
1
ORA-00289: suggestion: /oracle/proddb/9.2.0/dbs/arch1_637.dbf
ORA-00280: change 3368247542 thread 1 is in sequence #637
Specify the log: {< RET > = suggested |} Filename | AUTO | CANCEL}
ORA-00308: cannot open archived log ' / oracle/proddb/9.2.0/dbs/arch1_637.dbf'
ORA-27037: unable to get file status
IBM AIX RISC System/6000 error: 2: no such file or directory
Additional information: 3
ORA-01547: WARNING: RECOVER succeeded but OPEN RESETLOGS would get below error
ORA-01194: file 1 needs a recovery more match
ORA-01110: data file 1: ' / oracle/proddata/system01.dbf'
SQL > alter database open resetlogs;
ALTER database open resetlogs
*
ERROR on line 1:
ORA-01194: file 1 needs a recovery more match
ORA-01110: data file 1: ' / oracle/proddata/system01.dbf'
SQL > select HXFIL File_num, substr(HXFNM,1,40) filename, Type FHTYP, HXERR validity.
FHSCN SNA, FHTNM TABLESPACE_NAME, status FHSTA, FHRBA_SEQ sequence
x $ KCVFH;
.....
.....
.....
419 selected lines.981553 wrote:
I understand that hot backups can be done with noarchivelog and data will be inconsistent.Fix.
However, the database should not be able to recover some data are there in data files and commissioning normally.
This is my question and my concern. I looked for Metalink and couldn't find anything about it.
I want to start the database with all this that data is present after the backup. All the solutions for such a scenario?
If you took an offline backup, you can recover the database to restore all the files and bring services up (without recovery is needed here).
And, as you mentioned "hot backups can be done with noarchivelog and data will be inconsistent.
Thank you
Hussein -
WebLogic vulnerability: CVE-2010-0073
Hello guys,.
Oracle announced a vulnerability CVE-2010-0073.
Link:
http://www.Oracle.com/technology/deploy/security/alerts/alert-CVE-2010-0073.html
I'm not using nodemanager, do I still have to apply this hotfix. In addition, don't know if I need to apply the patch to 10 mp1?
any suggestions?I always recommend to contact support if you have any questions about the vulnerability or the patch.
I read this earlier and there seems to be a vulnerability specifically with Node Manager. So if you use it, which means that a Node Manager process runs, it seems to me that you may be ok. Windows install will ask to install Node Manager as a Service during installation, even if you're not thinking that you use, check again. Don't trust me, I slept in a Holiday Inn Express last night. Finally, check with the Support of Oracle.
-
Vulnerability CVE-2015-7547 glibc on SRA series
Glibc recently patched vulnerability (CVE-2015-7547) apply to the SRA series products? See
Hi Teemup,
Here is the official information related this vulnerability
https://support.software.Dell.com/product-notification/187642?ProductName=SonicWALL%20SRA%20Series
Ben D
Reference Dell SonicWall
#Iwork4Dell -
Vulnerability CVE-2016-5340 blackBerry Smartphones
On my STV100-4 with the last patch on 5 August, with AAG111 installed, it still shows a vulnerability CVE-2016-5340 when I run the scanner QuadRooter of Check Point. The latest patch AAG111 should remove the vulnerability CVE-2016-5340. It is the scanner that show the wrong result or?. It is with the same question?
Appreciate any comments!
barconsult wrote:
On my STV100-4 with the last patch on 5 August, with AAG111 installed, it still shows a vulnerability CVE-2016-5340 when I run the scanner QuadRooter of Check Point. The latest patch AAG111 should remove the vulnerability CVE-2016-5340. It is the scanner that show the wrong result or?. It is with the same question?
Appreciate any comments!
Hi @barconsult
I can confirm that you are patched since you are on AAG111.
Please see the following that we have added to our article on this problem.
A third-party application reports a version as vulnerable when the consultative document lists it as not affected. Why is this?
BlackBerry is not responsible for third-party applications, but is aware that some applications check the versions of component instead of trying to reproduce a vulnerability. Because this approach does not take into account differences in specific implementations, it is possible for these tests to give a false positive reaction. BlackBerry has tested these patches and I can confirm that hotfix versions that are listed in this notice are not affected by problems of QuadRooter, including ASHmenian hell.
-
Partially removed Microsoft Java CVE-2013-2423 security scanner
Hello
I ran the Security Scanner version 1.0.3001.0 Microsoft and he has detected the malicious program JAVA/CVE-2013-2423 and indicated that it was partially removed.
I deleted all my Win 7 Pro x 64 system Java programs and represented the program with the same results, only partial removal.
I deleted all restore and backup points and the scan is represented with the same results.
The scanner said three files were infected. But that doesn't tell you which files they are.
There is no way to determine what should be deleted from the system. When you click on "View detailed results of the analysis" what you get is a pop-up with two columns: Malware and analysis of the results. Only in the column of malware: exploit: Java/CVE-2013-2423. The results of the analysis indicates: partially removed.
The popup box also indicates: to view the manual steps, click the name of the virus, spyware or potentially unwanted software. When I click on the name of the virus, I get a Web page on the virus and it says it takes to remove programs, I did after the first scan, but the Scanner still shows its presence.
I think Microsoft should modify this program to give the full path to the infected files.
This is the first time I ran the Microsoft Safety Scanner. My internet security software is ESET Smart Security 7. I also run Windows Defender and SUPERAntiSpyware Pro, but none of these programs has detected this threat.
Is there a solution to this problem?
Thanks in advance for your help.
Concerning
This problem has been resolved. Although I just updated to ESET Smart Security 6 at 7, I didn't run a scan complete with ESET SS 7 still. ESET SS 7 found and removed the threat.
Concerning
-
application background Oracle EBS/Apps adapter
version: 12.1.3 (12 c)
I am using Oracle EBS adapter to call the api of PL/SQL (PO_CHANGE_API1_S.UPDATE_PO) through integration rep. I referred to the documentation for your card for Oracle Applications Concepts . I have configured the following properties
- jca.apps.Username
- jca.apps.Responsibility
- jca.apps.ORG_ID
- jca.apps.RespApplication
- jca.apps.SecurityGroup
However, the appeal of the PLSQL API, get the error as
< UPDATE_PO > 0 < / UPDATE_PO >
-< X_API_ERRORS >
-< MESSAGE_NAME >
< MESSAGE_NAME_ITEM >PO_INVALID_DOC_IDS< / MESSAGE_NAME_ITEM >
< / MESSAGE_NAME >
-< MESSAGE_TEXT >
< MESSAGE_TEXT_ITEM > your ID [Doc Id = & annual] document is invalid or not found. < / MESSAGE_TEXT_ITEM >
< / MESSAGE_TEXT >
-< table_name >
< MESSAGE_NAME_ITEM > PO_HEADERS < / MESSAGE_NAME_ITEM >
< / TABLE_NAME >
-< nom_de_colonne >
< MESSAGE_NAME_ITEM > PO_HEADER_ID < / MESSAGE_NAME_ITEM >
< / nom_de_colonne >
-< ENTITY_TYPE >
< MESSAGE_NAME_ITEM xsi: Nil = "true" / >
< / ENTITY_TYPE >
-< ENTITY_ID >
< ENTITY_ID_ITEM xsi: Nil = "true" / >
< / ENTITY_ID >
-< PROCESSING_DATE >
< PROCESSING_DATE_ITEM > 2016-02-08T 19: 52:06.000 + 05:30 < / PROCESSING_DATE_ITEM >
< / PROCESSING_DATE >
-< MESSAGE_TYPE >
< MESSAGE_TYPE_ITEM xsi: Nil = "true" / >
< / MESSAGE_TYPE >
< / X_API_ERRORS >
Am I missing something here?
Rgds
Sen
I resolved to myself. To restart the server solved the problem.
-
Oracle EBS 12.1.3 last CPP
Hi, when Oracle plans to publish RPC5. Anyone has idea about it. We intend to apply the last RPC to our Oracle EBS 12.1.3, so for now RPC4's last straight. Please confirm.
One is applied RPC4 part of their patch updates? If Yes can you give us the issues or bugs. While it will be very useful plan our activities. Thank you.
There is no date is provided for when a new RPC can be released. As you noted, Oracle E-Business Suite Release 12.1.3 + Recommended Patch Collection 4 [RPC4] has been released via Patch 21236633and is currently the latest EBS CPP, released October 21, 2015.
-
Can Hello Experts - anyone provide your experience with Oracle EBS ORS and upgrades?
Our current Version of EBS is 12.1.3.
We are 2.5 YEARS behind all the ORS. We are weather to think of the upgrade or just Rollup... Pls suggest
Thank you
Sandy
Hello
Applying the RUP is easier than to do an upgrade.
Oracle EBS 12.1.3 will be supported for a few years (Dec 2016 for assistance first and December 2019 for the support extended).
If you wish to enjoy some of the new features in 12.2 then you can do the upgrade.
Kind regards
Bashar
-
You want to refresh messge - Oracle EBS
Hi friends,
Kindly help me on this. I want to level header to level changes line cascading. Forms of Oracle EBS R12.
RDBMS: 11.2.0.3.0
Oracle Applications: 12.1.3
I did the code changes. But the changes are not thinking at the level of the line. during the review of the code - someone who suggests.
make a pop as
You want to update the records?
YES NO
If you click Yes - reports should update.
can someone help me how to do such a pop up and clicking Yes-how do to refresh.
Let me know if you have any questions.
Thank you...
For this error, I think that go_block is not allowed on your action.
First of all you check your code - go one block then try to execute the query
you need to debug your code
-
Obtain information from the OS - where Oracle EBS installed
Hi friends,
I raise a SR Oracle for more help about Oracle EBS R12. but I need to provide some information.
Operating system/Version - how can we get this information - is there any query or is it possible to get this info.
Thank you and best regards,
User
I got the info from my DBA.
-
Hello, I am new to the Oracle Forum. I'm a BI developer and I need to compare data Oracle EBS in my organization with the data in the data warehouse to make sure they match. I am using Informatica for this process by pulling the two sources and comparing. Can someone give me a brief example to make this process or similar methods with Informatica and its transformations so that it can be useful. Thanks in advance. Let me know if you need more information about the process.
Looks like you are trying to make a reconciliation process? That is you can have implemented BIAPPS (or something custom) and now I want to check your ETL? If this is the case then it's good enough for a test case - we usually start with senior level (actual numbers for each group of companies, for example), then a subset of other different queries for example as per a level in the hierarchy of the org, by position, dates etc.
and much more expensive as the implement of OLIVIER
I don't think there are many in the world that is more expensive than the implementation of OLIVIER!
-
What are the steps to perform when the IP changes for Oracle EBS 12.1.3 on RHEL 6
Hello
We have Oracle EBS 12.1.3 installed on RHEL 6 with Oracle short built-in extensions.
Now the server IP address will change.
Wanted to know the steps to take if the IP address changes so that our instance is running.
Thanks in advance.
Thank you
Patricia
See MOS Doc 751328.1
-
Oracle EBS 12.2.5 on redhat 7
Hello
Did anyone installed Oracle EBS 12.2.5 on redhat 7 yet?
I use a directory of scene with startcd version 50
I'm trying, but installation fails with
Exception string: error in invoking target 'install' of makefile ' / oracle1/VIS/fs2/FMW_Home/webtier/webcache/lib/ins_calypso.mk'. See ' / oracle/oraInventory/logs/install2015-11-04_04-23-07PM.log' for details.
The installation fails to/oracle/soft/ebs/TechInstallMedia/ohs11117/Disk1/runInstaller - waitForCompletion - ignoreSysPrereqs - force - silent - responsefile /oracle1/VIS/fs2/inst/apps/VIS_svlirc21/temp/cfgHome/response/APPS_OHS_HOME/txkOHS_11117.rsp
All prerequisitis in DOC ID 1330701.1 are ok
Thanks for the help
You're in for a lot of pain! The webtier components delivered with EBS do compilation/installation on RH7.x without a bit of hacking.
If you want to try, you can work around this error by updating sysliblist
for example:
sed-i of /-ldl - lm - lpthread - c - lirc - lipgo / - ldl - lm - lpthread - c - lirc - lipgo-ldms2 - lrt/g ' sysliblist
But you will hit the next mistake after that...
-
Hello
There is some confusion regarding Oracle EBS certified to run on AWS cloud.
Can someone share the details here if anything?
Thank you
Kind regards
Jonathan
Configuration of Oracle E-Business Suite Release 12 on Amazon Cloud Infrastructure (Doc ID 1205963.1)
Check this note. If this isn't the case certified, Oracle would have not published this note
concerning
Pravin
Maybe you are looking for
-
help install keyboard with numeric pad apple scopes
I just got the apple keyboard with the help of the numerical keys. The instructions say to connect, hit the Apple icon and the software update. It was not an option to do this, so I went to the applications and selected updates. No updates to inst
-
AirPlay has stopped working after several months of STR DN850
My Sony STR DN850 has worked perfectly with AirPlay for 8 months. When you use iTunes on my iMac or my Mackbook pro, I just need to play a song, and my receiver turns on and play the song. Now the small speaker selection box at the top of the window
-
Computer does not not video clips
I am still unable to get videos to play (except downloaded precedents). Had no problems with it before. I tried VLC media player and also make sure that WMP is by default, but in vain. I'm sure it's kind of a miracle since all else works great. Wi
-
I upgraded from win7 to win10. I have an App and the printer that I use for my business that worked well with 7, but acknowledged not all printers within 10 years. I'm trying to set up a virtual machine running 7, but I don't have the installation
-
NavigationPane ButtonBack question
Hi all, I tried to change NavigationPane backButton, but nothing happens. This is a bug or I'm doing wrong? Here is my code: NavigationPane { id: navigationPane paneProperties: NavigationPaneProperties { backButton: ActionItem { title: "text" imageSo