WebLogic vulnerability: CVE-2010-0073

Hello guys,.
Oracle announced a vulnerability CVE-2010-0073.
Link:
http://www.Oracle.com/technology/deploy/security/alerts/alert-CVE-2010-0073.html

I'm not using nodemanager, do I still have to apply this hotfix. In addition, don't know if I need to apply the patch to 10 mp1?

any suggestions?

I always recommend to contact support if you have any questions about the vulnerability or the patch.

I read this earlier and there seems to be a vulnerability specifically with Node Manager. So if you use it, which means that a Node Manager process runs, it seems to me that you may be ok. Windows install will ask to install Node Manager as a Service during installation, even if you're not thinking that you use, check again. Don't trust me, I slept in a Holiday Inn Express last night. Finally, check with the Support of Oracle.

Tags: Fusion Middleware

Similar Questions

  • Vulnerability CVE-2012-1723 Java and ColdFusion.

    I have a few questions about Coldfusion, especially for me 9.0.1, about Java.  I've updated the JVM for Coldfusion in the past due to a vulnerability to a version that has been sanctified by Adobe to use, version 1.6.0_24.  It is vulnerability: CVE-2010-4476

    It is first of all a particular vulnerability, CVE-2012-1723, which applies to the Coldfusion server?  Second, what is the current version of Java sanctified by Adobe?  Finally, what are the consequences of the use of a version not sanctified Java with Coldfusion?

    Adobe has not 'certified' ColdFusion 9 on a newer version of the JVM as version 1.6.0_24. The unofficial word on the street is that Adobe support will still work with you if you have a new JAVA virtual machine, although they could ask to eat at 1.6.0_24.   Adobe has certified only a new version of a machine virtual JAVA outside of a major release twice as I remember, when was the first time the day light savings time rules changed, and the second was the vulnerability of denial that exists in versions prior to 1.6_0_24.  Adobe will support Java 7 CF9 and 10 due to the EOL Java6 according to this blog entry: http://blogs.coldfusion.com/post.cfm/java-7-support-for-coldfusion Vulnerability CVE-2012-1723 allows to bypass the java security sandbox, so maybe it's something you'd be worried on a ColdFusion server. If you have turned on sandbox security.

  • For CVE-2010-4476 Oracle security alert

    Hello

    We got an alert oracle Oracle about the security alert for CVE-2010-4476 Oracle. As the details given below link
    http://www.Oracle.com/technetwork/topics/security/alert-CVE-2010-4476-305811.html

    I checked that it is necessary for Windows, Linux and Solaris platforms. I got confused. This security patch to apply on the HP - UX platforms? Please notify.

    I never registered it yet.

    You don't need to apply it if you still use Jinitiator, as this correction of a vulnerability in the JRE.

    Thank you
    Hussein

  • How to remove the Exploit: Win32 / CVE-2010-3336

    Original title: Exploit: Win32 / CVE-2010-3336

    Does anyone know how to remove the Exploit: Win32 / CVE-2010-3336?

    Hi Bob,

    This may be due to malicious software or viruses on the computer.

    You have security software installed on the computer?

    If you have installed security software, I suggest you run a security scan and check if it helps to remove malicious software.

    In addition, you can also run Microsoft safety scanner to search for infected files.

    The Microsoft Security Scanner is a downloadable security tool for free which allows analysis at the application and helps remove viruses, spyware and other malware. It works with your current antivirus software.

    See the link to download and run the Analyzer:

    http://www.Microsoft.com/security/scanner/en-us/default.aspx

    Note: The Microsoft Safety Scanner ends 10 days after being downloaded. To restart a scan with the latest definitions of anti-malware, download and run the Microsoft Safety Scanner again.

    Note: The data files that are infected must be cleaned only by removing the file completely, which means that there is a risk of data loss.

    Please let us know if the problem still persists. We will be happy to help you.

  • malware has been detected: partially removed, how to remove the rest of it - operate: Java/CVE-2010-0840. EX

    Exploit: Java/CVE-2010-0840. EX

    The above malware was detected on my computer; has been partially removed, how

    remove the rest?

    Hello
    Try the sequence of steps 1 and 2 in this virus/malware removal guide: http://www.selectrealsecurity.com/malware-removal-guide
    It contains instructions which will remove the malware more. If you have any questions, just ask me. I hope this helps you.
    Brian

  • Infection by the virus. feat: java / cve-2010-0840. THIS

    I was infected by a virus (initial symptom was redirecting me to different sites every time that I click on a google search result.)  I tried to clean it with a number of scanners (AVG, VIPRE, Trend Micro, Microsoft MSERT) a number of viruses have been found and cleaned (Ramnit.B, VBS/Generic, feat: java / cve-2010-0840.) THIS).

    However I have 2 pending problems, firstly when I run Microsoft MSERT there but that partially removes feat: java / cve-2010-0840. IT - I can't find out how to uninstall completely, then my initial symptom (mentioned above) which happens in internet explore (v8), Chrome and Firefox has not been set.
    Can anyone help?

    Uninstall all previous versions of Java, then make sure you have only one version (the latest version)

  • Exploit: Java / CVE-2010-840. AH, Malware partially stilll in my computer, what should I continue to delete the rest

    I just found out that I was spreading a virus via my computer to everyone on my e-mail list. my computer was sending *. I ran the scan of Microsoft, which had partially removed the virus but my computer may still be infected. The offender's FEAT: Java / CVE-2010-84. AG. Suggestions on how to get the rest? I use AVAST security system and my Basic for microsoft firewall, I use more? and how we remove older versions of Java?

    Hi Christine,

    ·         Microsoft safety scanner are you referring?

    ·         You have the latest updates for Avast?

    Method 1: Check if you have run this scanner. Check out the following link to do the same thing.

    Microsoft Safety Scanner - free online tool for PC health and safety

    Method 2: Check if you have the latest definitions for Avast. Log of Avast Web site.

    Method 3:

    Step 1: To uninstall older versions, see the following link.

    Why should I remove old versions of Java in my system?

    Step 2: To install the latest version, visit the following link.

    Download the free Java software

  • How to remove virus PC cve-2010 - 0840.BE.

    Hello

    I've been running OneCare Safety Scanner on my PC & it has detected an infection "CVE-2010 - 0840.BE" that it is impossible to clean.

    Malwarebytes and my McAfee antivirus on board do not detect it.  What should I do?

    Thank you

    Michael

    Hi Michael_42,

    Have you tried to advocate or Security Essentials?   In JB post, the link has another link to download the latest definitions for Microsoft virus software.  Please see the following:

    http://www.Microsoft.com/security/portal/definitions/ADL.aspx

    I hope this helps!

  • Vulnerability CVE-2015-7547 glibc on SRA series

    Glibc recently patched vulnerability (CVE-2015-7547) apply to the SRA series products? See

    Hi Teemup,

    Here is the official information related this vulnerability

    https://support.software.Dell.com/product-notification/187642?ProductName=SonicWALL%20SRA%20Series

    Ben D
    Reference Dell SonicWall
    #Iwork4Dell

  • Vulnerability CVE-2016-5340 blackBerry Smartphones

    On my STV100-4 with the last patch on 5 August, with AAG111 installed, it still shows a vulnerability CVE-2016-5340 when I run the scanner QuadRooter of Check Point. The latest patch AAG111 should remove the vulnerability CVE-2016-5340. It is the scanner that show the wrong result or?. It is with the same question?

    Appreciate any comments!

    barconsult wrote:

    On my STV100-4 with the last patch on 5 August, with AAG111 installed, it still shows a vulnerability CVE-2016-5340 when I run the scanner QuadRooter of Check Point. The latest patch AAG111 should remove the vulnerability CVE-2016-5340. It is the scanner that show the wrong result or?. It is with the same question?

    Appreciate any comments!

    Hi @barconsult

    I can confirm that you are patched since you are on AAG111.

    Please see the following that we have added to our article on this problem.

    38385 BSRT-2016-007 vulnerability in Qualcomm impact BlackBerry kernel driver powered by Android sm...

    A third-party application reports a version as vulnerable when the consultative document lists it as not affected. Why is this?

    BlackBerry is not responsible for third-party applications, but is aware that some applications check the versions of component instead of trying to reproduce a vulnerability. Because this approach does not take into account differences in specific implementations, it is possible for these tests to give a false positive reaction. BlackBerry has tested these patches and I can confirm that hotfix versions that are listed in this notice are not affected by problems of QuadRooter, including ASHmenian hell.

  • Vulnerability CVE-2013-3749 in Oracle EBS

    Hi all


    How solve this vulnerability CVE-2013-3749 in Oracle EBS other that to apply the patch JUL2013 CPU, as shown in the link, below, is it possible that we can trace/identify and update accordingly, log files or tables where information is trapped in the place as part of this vulnerability?

    Package Oracle Critical Patch Update - July 2013

    Thank you

    Moor

    You can find some details in (potential Logging of E-Business Suite Passwords (Doc ID 1579709.1)).

    Thank you

    Hussein

  • patch for the vulnerability CVE-2016-0953 on photoshop 13.0

    Hello

    Where can I find the patch to correct vulnerabilities - 0953-2016-CVE CVE - 2012 - 027, CVE-2016-0952, CVE-2016-0951 for photoshop 13.0?

    Help > updates watch "your applications are all up to date.

    Help, please

    concerning

    Badiss

    You will not. Photoshop CS6 does never update.  Creative Cloud now includes Creative Suite Master Collection and Design Premium features

    Adobe - Photoshop: For Windows

    2013 was the last update. Camera Raw is stopped to 9.1.1

  • feat: java / impossible to completely remove the cve-2010-0840

    MS security scanner found this and says it has been partially deleted. nothing I've tried it deleted completely. another antivirus says just update my version of Java and it would be ok. I did and Odile always gives me the same message after execution of this new on full scan. Help

    Have you also followed the instructions of removal in anti-virus auditor/Analyzer has detected a virus. Is associated with Java?

    BTW, if you use Java, then remove it completely instead of update.

    Using Java is a risk to the safetyof the useless... especially with older versions that have vulnerabilities that can be used by malicious sites to operate and infect your system.

    Kaspersky Lab report: assess the level of threat of software vulnerabilities
    Microsoft: The wave without precedent of operation Java

    Although Java is commonly used in commercial contexts and many VPN providers when even the use, the average user does not need to install the Java software.

    Quote youdo not need Java "Javais one of these technologies you will find installed on most computer systems despite the fact that average users do not come across a lot of Java-powered websites or desktop applications..." According to W3Techs, only four percent of the sites use Java on the server side... it serves as 0.2 percent of all Web sites client-side. As well as two-tenths of one percent of the sites that do not use it for their... basic features there are sites and applications that require Java, and if you use one of them, you must of course Java. But that makes you a minority. The majority of users have no need for Java. They do not need the Java plugin, nor do they need the environment run Java installed on their operating system.... »

    Statistical W3Techs usage and market share data of Java on the web

    I recommend just uninstall Java if you do not use.

  • How will I know if node manager is installed?

    I recently received a security alert regarding a vulnerability CVE-2010-0073 with node Manager. I don't remember installing this. I fell just the install.cmd when I installed the server. Is their a way to see if it has been installed? Or if this vulnerability does not apply to me?

    By examining the documentation it says also that oracle provides patches for Peoplesoft customers who use WLS92MP3. When I look at my registry.xml file it says

    < output level = 9.2 >
    ServicePackLevel = PatchLevel 0 = 0

    I guess MP3 means Patch level 3? Is this correct? So first of all need to update to patch level 3. Then apply the fix for CVE-2010-0073?

    Thank you
    Andy

    Yes, if it is the version 10.3, it will start by 'Oracle Weblogic Nodemananger... ', previous version start with 'BEA' service... ». It seems that you have not installed it and should be good.

  • Adobe Reader 8.2.1 Russian for Windows

    Hello!

    I keep to update Adobe Reader for Windows to 8.2.1 version fix vulnerability (CVE-2010-0186) for Russian users. I have Adobe Reader 8.1.3 Russian now. It is only possible to download the version with interface Russian 8.x.x (9.x.x is not a possible way in my case). I did ' t find 8.2.0 version with Russian interface for download and I cannot apply 8.2.1 patch. When I try to update 8.1.3 menu version Adobe Reader, I get the message 'no available paths. Is Adobe Reader 8.2.1 Russian for Windows exist? If so, how to install one?

    Dmitry,

    I have been informed that support for the Russia (and some other languages euro) to 8.x Reader has been abandoned.

    Your best bet is to install x 9

Maybe you are looking for

  • Satellite X 200-F stops during the game

    Hi guys,. I am a happy owner of a beautiful X 200-F for almost a year, and never had any problems with it. Last night, I was playing a heavy 3d game in the night in a room at near 30 ° C (we do not have a lot of conditioners of Air in France, it is n

  • Java is safe to use with Safari?

    Howdy, I continue to see internet articles about the Java plugin is a concern of security for OS X and Safari. It is a real concern / current? I tried a few tests and found that I had no chance again using this community site if Javascript is disable

  • Can I connect my Sony Google TV to my Slingbox?

    I recently bought a Sony Google TV Blue disk drive and I do not know how to connect to my slingbox.

  • HDD problem Dell Vostro 3550

    I use a Dell Vostro 3550 running Windows 7 64 bit since may, 2012. Recently, on running the Dell Diagnostics, it shows that the hard [Samsung HM500JJ] has no 'targeted reading Test ". More recently, when I run scan on the hard, the system stops and r

  • Can I create an animation and use it to a YouTube intro?

    I want to do a YouTube intro to my channel, go to start of all my videos. I want to know if I can create one in Adobe animate and place it at the beginning of videos during editing, for example in Windows Movie Maker or Adobe Premiere.