CVE-2007-0280

Name of the Vulnerable Software and Affected Versions: Oracle HTTP Server versions 9.0.1.5 Oracle Application Server versions 10.1.2.0.0 through 10.1.2.0.2, 10.1.2.2, 9.0.4.3 Oracle Collaboration Suite versions 9.0.4.2, 10.1.2

Description: The issue is related to the Oracle Process Mgmt & Notification component. It may be associated with a buffer overflow in Oracle Notification Service (ONS), although the exact nature and impact of the vulnerability are not specified. The attack vectors are also not clearly defined.

Recommendations: For Oracle HTTP Server version 9.0.1.5, update to a version that includes the fix for this issue. For Oracle Application Server versions 10.1.2.0.0 through 10.1.2.0.2, 10.1.2.2, 9.0.4.3, update to a version that includes the fix for this issue. For Oracle Collaboration Suite versions 9.0.4.2, 10.1.2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Oracle Notification Service (ONS) until a patch is available.