{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Oracle9i Database Server seconde \u00e9dition, version 9.2.0.2 ;","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle9i Application Server seconde \u00e9dition, versions 9.0.3.0 et 9.0.3.1 ;","product":{"name":"N/A","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle9i Application Server seconde \u00e9dition, version 9.0.2.1 et les versions ant\u00e9rieures ;","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Oracle9i Application Server premi\u00e8re \u00e9dition, version 1.0.2.2 ;","product":{"name":"N/A","vendor":{"name":"Oracle","scada":false}}},{"description":"Oracle9i Database Server premi\u00e8re \u00e9dition, version 9.0.1.4.","product":{"name":"Database Server","vendor":{"name":"Oracle","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans l'analyse des donn\u00e9es SOAP\n(Simple Object Access Protocol) des applications Oracle : Oracle9i\nApplication Server et Oracle9i Database Server.  \n  \nUn utilisateur mal intentionn\u00e9 peut, en envoyant une requ\u00eate SOAP\nmalicieusement construite, r\u00e9aliser un d\u00e9ni de service des applications\nOracle. Le risque est plus important pour les versions Oracle9i\nApplication Server seconde \u00e9dition version 9.2.0.1 et ant\u00e9rieures car\nl'authentification SOAP est d\u00e9sactiv\u00e9e par d\u00e9faut.\n\n## Solution\n\nAppliquer la mise \u00e0 jour correspondant \u00e0 votre version (cf. section\ndocumentation).\n","cves":[],"links":[{"title":"Correctif Oracle :","url":"http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=259556.1"}],"reference":"CERTA-2004-AVI-046","revisions":[{"description":"version initiale.","revision_date":"2004-02-23T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte sur Oracle9i Application Server et\nOracle9i Database Server qui permet \u00e0 un utilisateur mal intentionn\u00e9 de\nr\u00e9aliser un d\u00e9ni de service sur ces deux syst\u00e8mes.\n","title":"Vuln\u00e9rabilit\u00e9 dans Oracle9i Application et Dabase Server","vendor_advisories":[{"published_at":null,"title":"Avis de s\u00e9curit\u00e9 65 d'Oracle","url":"http://otn.oracle.com/deploy/security/pdf/2004alert65.pdf"}]}