Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2018.0250
Oracle Fusion Middleware
17 October 2018
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Oracle Fusion Middleware
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Modify Arbitrary Files -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2018-1000300 CVE-2018-18224 CVE-2018-18223
CVE-2018-8013 CVE-2018-3302 CVE-2018-3254
CVE-2018-3253 CVE-2018-3252 CVE-2018-3250
CVE-2018-3249 CVE-2018-3248 CVE-2018-3246
CVE-2018-3245 CVE-2018-3238 CVE-2018-3234
CVE-2018-3233 CVE-2018-3232 CVE-2018-3231
CVE-2018-3230 CVE-2018-3229 CVE-2018-3228
CVE-2018-3227 CVE-2018-3226 CVE-2018-3225
CVE-2018-3224 CVE-2018-3223 CVE-2018-3222
CVE-2018-3221 CVE-2018-3220 CVE-2018-3219
CVE-2018-3218 CVE-2018-3217 CVE-2018-3215
CVE-2018-3213 CVE-2018-3210 CVE-2018-3204
CVE-2018-3201 CVE-2018-3197 CVE-2018-3191
CVE-2018-3179 CVE-2018-3168 CVE-2018-3152
CVE-2018-3147 CVE-2018-2911 CVE-2018-2902
CVE-2018-1305 CVE-2018-1275 CVE-2018-1258
CVE-2018-0739 CVE-2018-0732 CVE-2017-15095
CVE-2017-14735 CVE-2017-7805 CVE-2017-5645
CVE-2016-1182 CVE-2015-9251
Member content until: Friday, November 16 2018
Reference: ASB-2018.0180
ASB-2018.0177
ASB-2018.0173
ESB-2018.3028
ESB-2018.3014
ESB-2018.2952
ESB-2018.2951
OVERVIEW
Multiple vulnerabilities have been identified in :
o Oracle Adaptive Access Manager, versions 11.1.1.7.0, 11.1.2.3.0
o Oracle API Gateway, version 11.1.2.4.0
o Oracle BI Publisher, versions 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0,
12.2.1.4.0
o Oracle Big Data Discovery, version 1.6.0
o Oracle Business Intelligence Enterprise Edition, versions
11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0
o Oracle Directory Server Enterprise Edition, version 11.1.1.7
o Oracle Endeca Information Discovery Integrator, versions 3.1.0,
3.2.0
o Oracle Endeca Information Discovery Studio, versions 3.1.0, 3.2.0
o Oracle Endeca Server, versions 7.6.1, 7.7.0
o Oracle Enterprise Repository, versions 11.1.1.7.0, 12.1.3.0.0
o Oracle Fusion Middleware MapViewer, versions 12.1.3.0, 12.2.1.3
o Oracle GlassFish Server, version 3.1.2
o Oracle GoldenGate for Big Data, versions 12.2.0.1, 12.3.1.1,
12.3.2.1
o Oracle HTTP Server, version 12.2.1.3
o Oracle Identity Analytics, version 11.1.1.5.8
o Oracle Identity Management Suite, versions 11.1.2.3.0, 12.2.1.3.0
o Oracle Identity Manager, versions 11.1.2.3.0, 12.2.1.3.0
o Oracle Outside In Technology, version 8.5.3
o Oracle Real-Time Decision Server, version 3.2.1
o Oracle Service Bus, versions 12.1.3.0.0, 12.2.1.3.0
o Oracle Tuxedo, version 12.1.1.0
o Oracle Virtual Directory, versions 11.1.1.7.0, 11.1.1.9.0
o Oracle WebCenter Portal, versions 11.1.1.9.0, 12.2.1.3.0
o Oracle WebCenter Sites, versions 11.1.1.8.0, 12.2.1.3.0
o Oracle WebLogic Server, versions 10.3.6.0, 12.1.3.0, 12.2.1.3,
prior to Docker 12.2.1.3.20180913
[1]
IMPACT
The vendor has provided the following information regarding the
vulnerabilities:
"This Critical Patch Update contains 65 new security fixes for
Oracle Fusion Middleware. 56 of these vulnerabilities may be
remotely exploitable without authentication, i.e., may be exploited
over a network without requiring user credentials." [1]
"CVE-2015-9251
6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability in the Oracle Endeca Information Discovery Studio
component of Oracle Fusion Middleware (subcomponent: Studio
(jQuery)). Supported versions that are affected are 3.1.0 and 3.2.0.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle Endeca Information
Discovery Studio. Successful attacks require human interaction from
a person other than the attacker and while the vulnerability is in
Oracle Endeca Information Discovery Studio, attacks may
significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Oracle Endeca Information Discovery Studio
accessible data as well as unauthorized read access to a subset of
Oracle Endeca Information Discovery Studio accessible data.
CVE-2015-9251
6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability in the Oracle Service Bus component of Oracle Fusion
Middleware (subcomponent: OSB Core Functionality (jQuery)).
Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle Service Bus.
Successful attacks require human interaction from a person other
than the attacker and while the vulnerability is in Oracle Service
Bus, attacks may significantly impact additional products.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Oracle Service Bus
accessible data as well as unauthorized read access to a subset of
Oracle Service Bus accessible data.
CVE-2015-9251
6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability in the Oracle WebCenter Sites component of Oracle
Fusion Middleware (subcomponent: Advanced UI (jQuery)). The
supported version that is affected is 11.1.1.8.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle WebCenter Sites. Successful attacks
require human interaction from a person other than the attacker and
while the vulnerability is in Oracle WebCenter Sites, attacks may
significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Oracle WebCenter Sites accessible data as well as
unauthorized read access to a subset of Oracle WebCenter Sites
accessible data.
CVE-2016-1182
8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability in the Oracle Adaptive Access Manager component of
Oracle Fusion Middleware (subcomponent: OAAM Server (Apache Struts
1)). Supported versions that are affected are 11.1.1.7.0 and
11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated
attacker with network access via HTTP to compromise Oracle Adaptive
Access Manager. Successful attacks of this vulnerability can result
in unauthorized ability to cause a hang or frequently repeatable
crash (complete DOS) of Oracle Adaptive Access Manager as well as
unauthorized update, insert or delete access to some of Oracle
Adaptive Access Manager accessible data.
CVE-2016-1182
8.2
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability in the Oracle Real-Time Decision Server component of
Oracle Fusion Middleware (subcomponent: Platform Installation
(Apache Struts 1)). The supported version that is affected is 3.2.1.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle Real-Time Decision
Server. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Real-Time Decision Server as well as
unauthorized update, insert or delete access to some of Oracle
Real-Time Decision Server accessible data.
CVE-2017-14735
6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability in the Oracle Fusion Middleware MapViewer component of
Oracle Fusion Middleware (subcomponent: Install (AntiSamy)).
Supported versions that are affected are 12.1.3.0 and 12.2.1.3.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle Fusion Middleware
MapViewer. Successful attacks require human interaction from a
person other than the attacker and while the vulnerability is in
Oracle Fusion Middleware MapViewer, attacks may significantly impact
additional products. Successful attacks of this vulnerability can
result in unauthorized update, insert or delete access to some of
Oracle Fusion Middleware MapViewer accessible data as well as
unauthorized read access to a subset of Oracle Fusion Middleware
MapViewer accessible data.
CVE-2017-15095
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle Identity Manager component of Oracle
Fusion Middleware (subcomponent: Installer (jackson-databind)).
Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle Identity Manager.
Successful attacks of this vulnerability can result in takeover of
Oracle Identity Manager.
CVE-2017-5645
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle API Gateway component of Oracle Fusion
Middleware (subcomponent: Oracle API Gateway (Apache Log4j)). The
supported version that is affected is 11.1.2.4.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle API Gateway. Successful attacks of
this vulnerability can result in takeover of Oracle API Gateway.
CVE-2017-5645
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the BI Publisher (formerly XML Publisher) component
of Oracle Fusion Middleware (subcomponent: BI Publisher Security
(Apache Log4j)). Supported versions that are affected are
11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily
exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise BI Publisher (formerly XML
Publisher). Successful attacks of this vulnerability can result in
takeover of BI Publisher (formerly XML Publisher).
CVE-2017-5645
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle Identity Analytics component of Oracle
Fusion Middleware (subcomponent: Security (Apache Log4j)). The
supported version that is affected is 11.1.1.5.8. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Identity Analytics. Successful attacks
of this vulnerability can result in takeover of Oracle Identity
Analytics.
CVE-2017-5645
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle Identity Management Suite component of
Oracle Fusion Middleware (subcomponent: Suite Level Patch Issues
(Apache Log4j)). Supported versions that are affected are 11.1.2.3.0
and 12.2.1.3.0. Easily exploitable vulnerability allows
unauthenticated attacker with network access via HTTP to compromise
Oracle Identity Management Suite. Successful attacks of this
vulnerability can result in takeover of Oracle Identity Management
Suite.
CVE-2017-7805
7.5
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle Directory Server Enterprise Edition
component of Oracle Fusion Middleware (subcomponent: Admin Console
(Sun Security Libraries)). The supported version that is affected is
11.1.1.7. Difficult to exploit vulnerability allows low privileged
attacker with network access via HTTP to compromise Oracle Directory
Server Enterprise Edition. Successful attacks of this vulnerability
can result in takeover of Oracle Directory Server Enterprise
Edition.
CVE-2018-0732
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability in the Oracle Tuxedo component of Oracle Fusion
Middleware (subcomponent: Docs-ATMI-IB (OpenSSL)). The supported
version that is affected is 12.1.1.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTPS to compromise Oracle Tuxedo. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of Oracle Tuxedo.
CVE-2018-0739
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vulnerability in the Oracle Endeca Server component of Oracle Fusion
Middleware (subcomponent: Product Code (OpenSSL)). Supported
versions that are affected are 7.6.1 and 7.7.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Endeca Server. Successful attacks
require human interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in unauthorized
ability to cause a hang or frequently repeatable crash (complete
DOS) of Oracle Endeca Server.
CVE-2018-1000300
7.5
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability in the Oracle HTTP Server component of Oracle Fusion
Middleware (subcomponent: Web Listener (curl)). The supported
version that is affected is 12.2.1.3. Difficult to exploit
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle HTTP Server. Successful attacks
require human interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in takeover of
Oracle HTTP Server.
CVE-2018-1258
8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle Endeca Information Discovery Integrator
component of Oracle Fusion Middleware (subcomponent: Other Issues
(Spring Framework)). Supported versions that are affected are 3.1.0
and 3.2.0. Easily exploitable vulnerability allows low privileged
attacker with network access via HTTP to compromise Oracle Endeca
Information Discovery Integrator. Successful attacks of this
vulnerability can result in takeover of Oracle Endeca Information
Discovery Integrator.
CVE-2018-1258
8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: Sample apps (Spring Framework)).
Supported versions that are affected are 10.3.6.0, 12.1.3.0 and
12.2.1.3. Easily exploitable vulnerability allows low privileged
attacker with network access via HTTP to compromise Oracle WebLogic
Server. Successful attacks of this vulnerability can result in
takeover of Oracle WebLogic Server.
CVE-2018-1275
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle Big Data Discovery component of Oracle
Fusion Middleware (subcomponent: Data Processing (Spring
Framework)). The supported version that is affected is 1.6.0. Easily
exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle Big Data Discovery.
Successful attacks of this vulnerability can result in takeover of
Oracle Big Data Discovery.
CVE-2018-1275
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle GoldenGate for Big Data component of
Oracle Fusion Middleware (subcomponent: Other issues (Spring
Framework)). Supported versions that are affected are 12.2.0.1,
12.3.1.1 and 12.3.2.1. Easily exploitable vulnerability allows
unauthenticated attacker with network access via HTTP to compromise
Oracle GoldenGate for Big Data. Successful attacks of this
vulnerability can result in takeover of Oracle GoldenGate for Big
Data.
CVE-2018-1305
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability in the Oracle WebCenter Sites component of Oracle
Fusion Middleware (subcomponent: Advanced UI (Apache Tomcat)).
Supported versions that are affected are 11.1.1.8.0 and 12.2.1.3.0.
Easily exploitable vulnerability allows low privileged attacker with
network access via HTTP to compromise Oracle WebCenter Sites.
Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle WebCenter
Sites accessible data.
CVE-2018-18223
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters (ODA
Module)). The supported version that is affected is 8.5.3. Easily
exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle Outside In Technology.
Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of Oracle Outside In Technology and
unauthorized read access to a subset of Oracle Outside In Technology
accessible data.
CVE-2018-18224
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters (ODA
Module)). The supported version that is affected is 8.5.3. Easily
exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle Outside In Technology.
Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can
result in unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of Oracle Outside In Technology and
unauthorized read access to a subset of Oracle Outside In Technology
accessible data.
CVE-2018-2902
4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: Console). Supported versions that
are affected are 10.3.6.0 and 12.1.3.0. Easily exploitable
vulnerability allows low privileged attacker with network access via
HTTP to compromise Oracle WebLogic Server. Successful attacks of
this vulnerability can result in unauthorized read access to a
subset of Oracle WebLogic Server accessible data.
CVE-2018-2911
8.3
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
Vulnerability in the Oracle GlassFish Server component of Oracle
Fusion Middleware (subcomponent: Java Server Faces). The supported
version that is affected is 3.1.2. Easily exploitable vulnerability
allows unauthenticated attacker with network access via HTTP to
compromise Oracle GlassFish Server. Successful attacks require human
interaction from a person other than the attacker. Successful
attacks of this vulnerability can result in unauthorized creation,
deletion or modification access to critical data or all Oracle
GlassFish Server accessible data as well as unauthorized access to
critical data or complete access to all Oracle GlassFish Server
accessible data and unauthorized ability to cause a partial denial
of service (partial DOS) of Oracle GlassFish Server.
CVE-2018-3147
4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized read access to a subset of Oracle Outside In Technology
accessible data.
CVE-2018-3152
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability in the Oracle GlassFish Server component of Oracle
Fusion Middleware (subcomponent: Administration). The supported
version that is affected is 3.1.2. Easily exploitable vulnerability
allows unauthenticated attacker with network access via HTTP to
compromise Oracle GlassFish Server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash (complete DOS) of Oracle GlassFish
Server.
CVE-2018-3168
7.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Vulnerability in the Oracle Identity Analytics component of Oracle
Fusion Middleware (subcomponent: Core Components). The supported
version that is affected is 11.1.1.5.8. Easily exploitable
vulnerability allows low privileged attacker with network access via
HTTP to compromise Oracle Identity Analytics. Successful attacks of
this vulnerability can result in unauthorized creation, deletion or
modification access to critical data or all Oracle Identity
Analytics accessible data as well as unauthorized read access to a
subset of Oracle Identity Analytics accessible data.
CVE-2018-3179
7.2
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Vulnerability in the Oracle Identity Manager component of Oracle
Fusion Middleware (subcomponent: Advanced Console). Supported
versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily
exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle Identity Manager. While
the vulnerability is in Oracle Identity Manager, attacks may
significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized read access to a subset of
Oracle Identity Manager accessible data and unauthorized ability to
cause a partial denial of service (partial DOS) of Oracle Identity
Manager.
CVE-2018-3191
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS Core Components). Supported
versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via T3 to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in takeover of
Oracle WebLogic Server.
CVE-2018-3197
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS Core Components). The supported
version that is affected is 12.1.3.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via T3 to compromise Oracle WebLogic Server. Successful attacks of
this vulnerability can result in takeover of Oracle WebLogic Server.
CVE-2018-3201
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS Core Components). The supported
version that is affected is 12.2.1.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via T3 to compromise Oracle WebLogic Server. Successful attacks of
this vulnerability can result in takeover of Oracle WebLogic Server.
CVE-2018-3204
8.2
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability in the Oracle Business Intelligence Enterprise Edition
component of Oracle Fusion Middleware (subcomponent: Analytics
Server). The supported version that is affected is 12.2.1.3.0.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle Business
Intelligence Enterprise Edition. Successful attacks require human
interaction from a person other than the attacker and while the
vulnerability is in Oracle Business Intelligence Enterprise Edition,
attacks may significantly impact additional products. Successful
attacks of this vulnerability can result in unauthorized access to
critical data or complete access to all Oracle Business Intelligence
Enterprise Edition accessible data as well as unauthorized update,
insert or delete access to some of Oracle Business Intelligence
Enterprise Edition accessible data.
CVE-2018-3210
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability in the Oracle GlassFish Server component of Oracle
Fusion Middleware (subcomponent: Java Server Faces). The supported
version that is affected is 3.1.2. Easily exploitable vulnerability
allows unauthenticated attacker with network access via HTTP to
compromise Oracle GlassFish Server. Successful attacks of this
vulnerability can result in unauthorized read access to a subset of
Oracle GlassFish Server accessible data.
CVE-2018-3213
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: Docker Images). The supported
version that is affected is prior to Docker 12.2.1.3.20180913.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via T3 to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle WebLogic
Server accessible data.
CVE-2018-3215
5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability in the Oracle Endeca Information Discovery Integrator
component of Oracle Fusion Middleware (subcomponent: Integrator
ETL). Supported versions that are affected are 3.1.0 and 3.2.0.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle Endeca Information
Discovery Integrator. Successful attacks require human interaction
from a person other than the attacker. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Oracle Endeca Information Discovery Integrator
accessible data as well as unauthorized read access to a subset of
Oracle Endeca Information Discovery Integrator accessible data.
CVE-2018-3217
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized access to critical data or complete access to all
Oracle Outside In Technology accessible data as well as unauthorized
update, insert or delete access to some of Oracle Outside In
Technology accessible data.
CVE-2018-3218
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized access to critical data or complete access to all
Oracle Outside In Technology accessible data as well as unauthorized
update, insert or delete access to some of Oracle Outside In
Technology accessible data.
CVE-2018-3219
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized access to critical data or complete access to all
Oracle Outside In Technology accessible data and unauthorized
ability to cause a partial denial of service (partial DOS) of Oracle
Outside In Technology.
CVE-2018-3220
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized access to critical data or complete access to all
Oracle Outside In Technology accessible data and unauthorized
ability to cause a partial denial of service (partial DOS) of Oracle
Outside In Technology.
CVE-2018-3221
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3222
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3223
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3224
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3225
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3226
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3227
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3228
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3229
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3230
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3231
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3232
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3233
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3234
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-3238
6.9
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N
Vulnerability in the Oracle WebCenter Sites component of Oracle
Fusion Middleware (subcomponent: Advanced UI). The supported version
that is affected is 11.1.1.8.0. Easily exploitable vulnerability
allows high privileged attacker with network access via HTTP to
compromise Oracle WebCenter Sites. Successful attacks require human
interaction from a person other than the attacker and while the
vulnerability is in Oracle WebCenter Sites, attacks may
significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized access to critical data or
complete access to all Oracle WebCenter Sites accessible data as
well as unauthorized update, insert or delete access to some of
Oracle WebCenter Sites accessible data.
CVE-2018-3245
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS Core Components). Supported
versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via T3 to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in takeover of
Oracle WebLogic Server.
CVE-2018-3246
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS - Web Services). Supported
versions that are affected are 12.1.3.0 and 12.2.1.3. Easily
exploitable vulnerability allows unauthenticated attacker with
network access via HTTP to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle WebLogic
Server accessible data.
CVE-2018-3248
6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS - Web Services). The supported
version that is affected is 10.3.6.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle WebLogic Server. Successful attacks
require human interaction from a person other than the attacker.
Successful attacks of this vulnerability can result in unauthorized
access to critical data or complete access to all Oracle WebLogic
Server accessible data.
CVE-2018-3249
6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS - Web Services). The supported
version that is affected is 10.3.6.0. Easily exploitable
vulnerability allows low privileged attacker with network access via
HTTP to compromise Oracle WebLogic Server. Successful attacks of
this vulnerability can result in unauthorized access to critical
data or complete access to all Oracle WebLogic Server accessible
data.
CVE-2018-3250
6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS - Web Services). The supported
version that is affected is 10.3.6.0. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle WebLogic Server. Successful attacks
require human interaction from a person other than the attacker and
while the vulnerability is in Oracle WebLogic Server, attacks may
significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Oracle WebLogic Server accessible data as well as
unauthorized read access to a subset of Oracle WebLogic Server
accessible data.
CVE-2018-3252
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability in the Oracle WebLogic Server component of Oracle
Fusion Middleware (subcomponent: WLS Core Components). Supported
versions that are affected are 10.3.6.0, 12.1.3.0 and 12.2.1.3.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via T3 to compromise Oracle WebLogic Server.
Successful attacks of this vulnerability can result in takeover of
Oracle WebLogic Server.
CVE-2018-3253
5.0
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability in the Oracle Virtual Directory component of Oracle
Fusion Middleware (subcomponent: Virtual Directory Manager).
Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0.
Difficult to exploit vulnerability allows low privileged attacker
with network access via HTTP to compromise Oracle Virtual Directory.
Successful attacks of this vulnerability can result in unauthorized
update, insert or delete access to some of Oracle Virtual Directory
accessible data as well as unauthorized read access to a subset of
Oracle Virtual Directory accessible data and unauthorized ability to
cause a partial denial of service (partial DOS) of Oracle Virtual
Directory.
CVE-2018-3254
5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability in the Oracle WebCenter Portal component of Oracle
Fusion Middleware (subcomponent: WebCenter Spaces Application).
Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0.
Easily exploitable vulnerability allows unauthenticated attacker
with network access via HTTP to compromise Oracle WebCenter Portal.
Successful attacks of this vulnerability can result in unauthorized
read access to a subset of Oracle WebCenter Portal accessible data.
CVE-2018-3302
7.1
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Vulnerability in the Oracle Outside In Technology component of
Oracle Fusion Middleware (subcomponent: Outside In Filters). The
supported version that is affected is 8.5.3. Easily exploitable
vulnerability allows unauthenticated attacker with network access
via HTTP to compromise Oracle Outside In Technology. Successful
attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently repeatable crash
(complete DOS) of Oracle Outside In Technology and unauthorized read
access to a subset of Oracle Outside In Technology accessible data.
CVE-2018-8013
7.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability in the Oracle Business Intelligence Enterprise Edition
component of Oracle Fusion Middleware (subcomponent: Oracle Business
Intelligence Enterprise Edition (Apache Batik)). Supported versions
that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0 and
12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated
attacker with network access via HTTP to compromise Oracle Business
Intelligence Enterprise Edition. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Oracle Business Intelligence Enterprise Edition
accessible data as well as unauthorized read access to a subset of
Oracle Business Intelligence Enterprise Edition accessible data and
unauthorized ability to cause a partial denial of service (partial
DOS) of Oracle Business Intelligence Enterprise Edition.
CVE-2018-8013
7.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability in the Oracle Enterprise Repository component of
Oracle Fusion Middleware (subcomponent: Security Subsystem - 12c
(Apache Batik)). Supported versions that are affected are 11.1.1.7.0
and 12.1.3.0.0. Easily exploitable vulnerability allows
unauthenticated attacker with network access via HTTP to compromise
Oracle Enterprise Repository. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete
access to some of Oracle Enterprise Repository accessible data as
well as unauthorized read access to a subset of Oracle Enterprise
Repository accessible data and unauthorized ability to cause a
partial denial of service (partial DOS) of Oracle Enterprise
Repository."
[2]
MITIGATION
Oracle states:
"Due to the threat posed by a successful attack, Oracle strongly
recommends that customers apply CPU fixes as soon as possible. Until
you apply the CPU fixes, it may be possible to reduce the risk of
successful attack by blocking network protocols required by an
attack. For attacks that require certain privileges or access to
certain packages, removing the privileges or the ability to access
the packages from users that do not need the privileges may help
reduce the risk of successful attack. Both approaches may break
application functionality, so Oracle strongly recommends that
customers test changes on non-production systems. Neither approach
should be considered a long-term solution as neither corrects the
underlying problem." [1]
REFERENCES
[1] Oracle Critical Patch Update Advisory - October 2018
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
[2] Text Form of Oracle Critical Patch Update - October 2018 Risk
Matrices
https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBW8aoFGaOgq3Tt24GAQhiIg//WJ7JMjgtfUygktYQws403ZMSTmW7ENan
cu5rgEeekv41fd+GLKXUi8qOwftIebmE0sSbW+ZiKYIgVU+G5kXPMZ7dtmzk9D/Y
huHBjgUfmOInr51hrlfk+FD/xIDUQ+NwUAYPPqo9jWxPJuuwNqdormcblVkL807s
IUnoRecBnyQL22kstgPmOMwAxa6PdTSqMU2YA1HYKRRxO5FLuZzcvljS2IvM1aEn
+kVUD+UTb8XNIXDMlnI086NhfWbo5nZt4rMef+wh1xy3klzHECz8AB1jcgkypTzv
479iB7Gu5euAgvfU31VXtxmXPM4ed165kB1Eo2IpDT5/oU+6FTI2GvBL3P0F0xbx
fxdD1XeCD4CaMd5Xz4dOFsctfoIr7w686d8gvI8OIvspHda2vOXlmQiO0/IYMWeR
a3oNknZGil6pcMDMcVjc6uD6CjRsoqj5GnVVeja//d2LRTSu95/tfA7DQkyqK7ip
JbyN0Q9dUOakPnYD9zdb+it7sMGrzfyIr7xTXDGFmtFOh1hFPw/oKT9REOoKWznQ
+AQvLgCGGlaH9yPzG/HIRk33v3ZzQEj/gdc9UART2DYTP+guABjvHgFU6a3QGIoL
DaMhAGNP+gJFuTglbxi5oxBoyU4UgH0dvtVE0JdjLhLbxxFiJBtQ7sCb4mV27aD+
1O7RA/s1p/w=
=zbkZ
-----END PGP SIGNATURE-----