Re: Oracle 12c EM report files marked as CVE2015-7645 exploits
Date: Mon, 26 Oct 2015 06:15:29 +0000
Message-ID: <CABe10saMFDcz8e4OrRZnumGArmcfH_dmbk2nL71f_XhOjergDA_at_mail.gmail.com>
The files are used by EM Express to provide various interactive performance reporting functionality. Looking at
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html suggests that updating flash player, which your organization will probably do anyway, will mitigate the issue. It doesn't seem beyond the realms of possibility that doing so might have adverse effects on em express.
On Mon, Oct 26, 2015 at 12:15 AM, De DBA <dedba_at_tpg.com.au> wrote:
> Morning.
>
> Overnight the weekly clamscan picked up some flash files that it
> identified as exploits of the CVE 2015-7645 Adobe Flash vulnerability:
>
> /u00/oracle/12c/rdbms/xml/em/orarep/sqlmonitor/SqlMonitor.swf:
> Swf.Exploit.CVE_2015_7645 FOUND
> /u00/oracle/12c/rdbms/xml/em/orarep/perfhub/SqlHub.swf:
> Swf.Exploit.CVE_2015_7645 FOUND
> /u00/oracle/12c/rdbms/xml/em/orarep/sqlpa/sqlpa.swf:
> Swf.Exploit.CVE_2015_7645 FOUND
> /u00/oracle/12c/rdbms/xml/em/orarep/sqltune/emSqlTuning.swf:
> Swf.Exploit.CVE_2015_7645 FOUND
> /u00/oracle/12c/rdbms/xml/em/orarep/sql_detail/emSqlDetails.swf:
> Swf.Exploit.CVE_2015_7645 FOUND
>
>
> This is a complete installation of 12c (12.1.0.1.0). It seems unlikely to
> me that Oracle would include malicious software, but perhaps better to
> remove these flash files? Anyone knows what they are for?
>
> Cheers,
> Tony
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- Niall Litchfield Oracle DBA http://www.orawin.info -- http://www.freelists.org/webpage/oracle-lReceived on Mon Oct 26 2015 - 07:15:29 CET