Oracle 12c EM report files marked as CVE2015-7645 exploits

From: De DBA <dedba_at_tpg.com.au>
Date: Mon, 26 Oct 2015 10:15:09 +1000
Message-ID: <562D708D.8030408_at_tpg.com.au>

Morning.

Overnight the weekly clamscan picked up some flash files that it identified as exploits of the CVE 2015-7645 Adobe Flash vulnerability:

/u00/oracle/12c/rdbms/xml/em/orarep/sqlmonitor/SqlMonitor.swf: Swf.Exploit.CVE_2015_7645 FOUND
/u00/oracle/12c/rdbms/xml/em/orarep/perfhub/SqlHub.swf: Swf.Exploit.CVE_2015_7645 FOUND
/u00/oracle/12c/rdbms/xml/em/orarep/sqlpa/sqlpa.swf: Swf.Exploit.CVE_2015_7645 FOUND
/u00/oracle/12c/rdbms/xml/em/orarep/sqltune/emSqlTuning.swf: Swf.Exploit.CVE_2015_7645 FOUND
/u00/oracle/12c/rdbms/xml/em/orarep/sql_detail/emSqlDetails.swf: Swf.Exploit.CVE_2015_7645 FOUND

This is a complete installation of 12c (12.1.0.1.0). It seems unlikely to me that Oracle would include malicious software, but perhaps better to remove these flash files? Anyone knows what they are for?

Cheers,
Tony

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Oct 26 2015 - 01:15:09 CET

This message: [ Message body ]
Next message: Niall Litchfield: "Re: Oracle 12c EM report files marked as CVE2015-7645 exploits"
Previous message: Stéphane Faroult: "Re: IO performance"
Next in thread: Niall Litchfield: "Re: Oracle 12c EM report files marked as CVE2015-7645 exploits"
Reply: Niall Litchfield: "Re: Oracle 12c EM report files marked as CVE2015-7645 exploits"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message