Oracle Security Vulnerabilities?

Similar Messages

• Are Security Vulnerabilities fixed by applying Oracle Server Patchsets

  Hi,
  I would like to know whether by applying Oracle Server Patchsets or by upgrading the Oracle Server from one version to another do we overcome the Security Vulnerabilities highlighted in the previous patchset or Oracle Server Version.
  For example if I have an Oracle Server 9.2.0.1 and I apply server patchest 9.2.0.8 do I overcome all the security vulnerabilities highlighted for version 9.2.0.1 and all other intervening versions. Similarly, if I upgrade my Oracle Server 9.2.0.6 to say Oracle Server 10g 10.2.0.3 do I overcome all security vulnerabilites highlighted fro 9.2.0.6 and all other intervening releases.
  Best Regards
  Syed Zaib ul Qamar

  Is there a link; or where can I go to find the types of and/or categories for the security vulnerabilities associated with (past and present) versions of Oracle? I work with a very large team of developers and some are DBAs that perform mainly custom coding in C++ and a little in Ada. I would like to ensure that our team is continually aware of the both past and current Oracle vulnerabilities when developing applications/scripts (designing, coding, reviewing, building, etc.), testing (including security) , quality assurance, packaging, and etc.
  Perhaps, this is a lot to ask; but, this at least a good palce to start.

• Oracle XDK Java removing security vulnerabilities

  Hi All,
  I am looking for removing security vulnerabilities that may be associated with XML parsers.
  I am looking which version of Oracle XDK Java has removed security vulnerabilities associated with XML Parsing.
  Also what is the latest version Oracle XDK Java is present in market.
  Also is new version are backward compatible. Do we need to see is any change in API level occurs.
  Currently we are using Oracle XDK Java 10.2.0.2.
  Just a description of security vulnerabilities that may be associated with XML parsers are
  "The vulnerabilities are related to the parsing of XML elements with unexpected byte values and recursive parentheses, which cause the program to access memory out of bounds, or to loop indefinitely. The effects of the vulnerabilities include denial of service and potentially code execution. The vulnerabilities can be exploited by enticing a user to open a specially modified file, or by submitting it to a server that handles XML content.:
  Regards
  Atul Parti

  Which JVM is the security tool complaining about (what is the directory path, for example)?
  My guess is that the tool is complaining about the older JVM that Oracle installs in order to run the Oracle Universal Installer and the other Java-based installation tools.  If that's the case, those JVMs do not generally represent a security issue because they are not running anything on a day-to-day basis.  They're only used by things like the OUI which only get invoked when someone wants to do something like install new software.  Ideally, you'd be able to have the conversation with the security folks and explain that those older JVMs exist only for the limited purpose of running the OUI and the other configuration tools. 
  If the security folks want you to upgrade the Java version (as opposed to just installing patches to the older JVMs), that has a decent probability of breaking the various installation and configuration tools.  That may not have much impact on a day-to-day basis but may make administration tasks in the future more challenging. 
  Justin

• Security vulnerabilities in apache that comes with oracle database.

  Hi,
  We are having a QA database in Oracle enterprise version 9.2.0.4 on OS : OSF1.
  Recently our security team ran a test and found that the apache1.3 that comes as component of Oracle database is prone to security vulnerabilities. Also they suggested to remove the apache or upgrade to latest as remedy.
  When contacted to Oracle support, Oracle team replied apache upgrade should not be done instead latest apache seprately can be installed as reverse proxy. But when asked for steps/document there is no reply. Anyone faced this problem can provide any help/suggestion in this regard.
  I am attaching some of the threads identified by our Security Team for reference.
  1. Apache 1.3 HTTP Server Expect Header Cross-Site Scripting XXXX and YYYYYY ports 7782, 4889, 3339.
  2. Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness
  3. Keep-Alive: timeout=15, max=100
  Connection: Keep-Alive
  Transfer-Encoding: chunked
  Content-Type: text/html; charset=iso-8859-1
  <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  <HTML><HEAD>
  <TITLE>417 Expectation Failed</TITLE>
  </HEAD><BODY>
  <H1>Expectation Failed</H1>
  The expectation given in the Expect request-header
  field could not be met by this server.<P>
  The client sent<PRE>
  Expect: <script>alert(document.domain)</script>
  </PRE>
  but we only allow the 100-continue expectation.
  -CR

  I dont know how to find which components are using the apache. Help me if there is any way to find it. Only information i can say you is there is no other software installed that in that server other than oracle Database.

• ORA-28374: typed master key not found in wallet (no ORACLE.SECURITY.TS.ENCR

  Good afternoon! I have a problem with creating a wallet for TDE.
  Oracle Version 11.2.0.2.0.
  SQLNET.ORA is :
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  ADR_BASE = /app/oracle
  # TO SWITCH OFF ORACLE ADR FEATURE
  # DIAG_ADR_ENABLED=off
  DIAG_SIGHANDLER_ENABLED=FALSE
  DIAG_RESTRICTED=TRUE
  TRACE_LEVEL_SERVER=admin
  TRACE_LEVEL_CLIENT=admin
  TRACE_DIRECTORY_SERVER=/app/oracle/product/11.2.0/db_1/network/log
  TRACE_DIRECTORY_CLIENT=/app/oracle/product/11.2.0/db_1/network/log
  TRACE_FILE_CLIENT=cli
  TRACE_FILE_SERVER=srv
  TRACE_UNIQUE_CLIENT=off
  SQLNET.EXPIRE_TIME = 10
  SQLNET.INBOUND_CONNECT_TIMEOUT = 20
  SQLNET.ENCRYPTION_SERVER = REQUESTED
  SQLNET.ENCRYPTION_CLIENT = REQUESTED
  SQLNET.CRYPTO_SEED = 'KakdlkLAKMXM0000sdsdsadadeffdmsdmdkmdv'
  SQLNET.ENCRYPTION_TYPES_SERVER= (AES256,RC4_256,3DES112,DES)
  SQLNET.CRYPTO_CHECKSUM_SERVER = REQUESTED
  SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1,MD5)
  ENCRYPTION_WALLET_LOCATION =
  (SOURCE=
  (METHOD=file)
  (METHOD_DATA=
  (DIRECTORY=/app/oracle/admin/orcl/wallet)
  I've creted wallet by command :
  alter system set encryption key identified by "sdsdsdsds";
  After that i can close and reopen this wallet , it's ok. But i can't create crypted tablaspace :
  CREATE TABLESPACE RMD DATAFILE '/oradata/orcl/TDE.dbf' SIZE 600M
  AUTOEXTEND ON NEXT 100M MAXSIZE 2000M
  EXTENT MANAGEMENT LOCAL UNIFORM SIZE 64K ENCRYPTION USING 'AES256' DEFAULT STORAGE (ENCRYPT);
  i've got an error ORA-28374: typed master key not found in wallet
  My wallet looks like :
  Requested Certificates:
  Subject: CN=oracle
  User Certificates:
  Oracle Secret Store entries:
  ORACLE.SECURITY.DB.ENCRYPTION.ASSSDSeFDX08Evy6Mco2yhXsAsdsdsdsdsdefdfdfdfddfddfdfdfAAAA
  ORACLE.SECURITY.DB.ENCRYPTION.MASTERKEY
  Trusted Certificates:
  As i uderstood there should be also entry like ORACLE.SECURITY.TS.ENCRYPTION. But why this didn't created into wallet by command : alter system set encryption key identified by "sdsdsdsds" ?
  Thanks!
  Edited by: user5819915 on 13-Jan-2012 03:25

  Hi there,
  first, "SQLNET.CRYPTO_SEED = 'KakdlkLAKMXM0000sdsdsadadeffdmsdmdkmdv" is no longer needed, the DB creates a seed itself and ignores this string.
  Then, on to TDE ...: These things happen if you had a wallet before, and that wallet was deleted; now if you create a new wallet, the TS MK is missing. Looks like you didn't encrypt any data yet. You might see if you get https://updates.oracle.com/download/8682102.html for your DB version; apply the patch, decrypt all data, cycle through all log files and then create a new wallet. That might work, but I can't promise.
  Peter

• Oracle Security Patch Error while applying --The filename, directory name,

  Hello,
  I am running into strange error while applying Oracle Security Patch 68 by using Opatch.
  Supposedly, All the environment variables are set properly.
  ACTIVE_STATE_PERL=true
  DBMS_TYPE=ORA
  dbs_ora_tnsname=YBQ
  JAVA_HOME=C:\jdk1.3.1_10
  OPATCH_DEBUG=TRUE
  ORACLE_HOME=E:\oracle\ora92
  ORACLE_SID=YBQ
  Path=E:\oracle\OPatch;C:\jdk1.3.1_10\bin;E:\oracle\Perl\bin;E:\oracle\ora92\jre\1.4.2\bin\client;E:\oracle\ora92\jre\1.4.2\bin;E:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Common Files\VERITAS Shared;\NetBackup\bin;C:\Program Files\Windows Resource Kits\Tools\;C:\Program Files\Support Tools\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;E:\usr\sap\YBQ\SYS\exe\run
  Installed Active Perl. latest version
  downloaded Opatch 1.0.0.50
  and the patch number 3738339
  I went to that directory and run the command :
  perl opatch.pl apply
  It started of well.
  OPatch version is: 1.0.0.0.50
  Using ORACLE_HOME/oui to look up oui libs...
  Oracle Home = E:\oracle\ora92
  Location of Oracle Inventory = E:\oracle\ora92\inventory
  Oracle Universal Installer shared library = E:\oracle\ora92\oui\lib\win32\oraInstaller.dll
  Path to Java = "E:\oracle\ora92\jre\1.4.2\bin\java.exe"
  Location of Oracle Inventory Pointer = N/A
  Location of Oracle Universal Installer components = E:\oracle\ora92\oui
  Required Jar File under Oracle Universal Installer = jlib\OraInstaller.jar
  find under OH/oui/jlib
  found OraInstaller.jar
  Checking if this is a RAC system...
  Accessing inventory... This may take up to 300 seconds.
  (retry 10 times, delay 30 seconds each time)
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;.:E:\oracle\ora92\jlib\srvm.jar" opatch/O2O "e:\oracle\ora92" "E:\oracle\ora92\oui" opatch.pl 1.0.0.0.50"
  Result:
  ----- DEBUG is ON -------
  oracle.installer.startup_location will be set to E:\oracle\ora92\oui
  oracle.installer.oui_loc will be set to E:\oracle\ora92\oui
  oracle.installer.scratchPath will be set to /tmp
  opatch.local_node_only is OFF
  retryOption is ON: 10
  delayOption is ON: 30
  Few more stuff here .. not pasting the entire contents
  System Command: ""E:\oracle\ora92\jre\1.4.2\bin\java.exe" -Dopatch.retry=10 -Dopatch.delay=30 -DTRACING.ENABLED=TRUE -DTRACING.LEVEL=2 -Dopatch.debug=true -classpath "E:\oracle\ora92\oui\jlib\OraInstaller.jar;E:\oracle\ora92\oui\jlib\srvm.jar;jlib\opatch.jar;E:\oracle\ora92\oui\jlib\xmlparserv2.jar;E:\oracle\ora92\oui\jlib\share.jar;." opatch/CheckConflict "E:\oracle\ora92\oui" "e:\oracle\ora92" opatch.pl 1.0.0.0.50 3738339 "3741539 3528282 3516951 3622875 3668572 3371796 3239873 3356103 3543125 3666502 2800494 2824035 2964252 3617042 3320622 3571233 3253770 3492040 3566469 3354470 3625370 3583686 3150750 3617519 3635177 3597640 3749394 3542588 3698501 2954891 2918138 3559212 3518909 3412818 3430832 3172282 3358490 3637624 3458446 3179637 2810394 3668224 3609791 3566813 3475932 2338704 3412136 3388633 3540576 3571226 3575743 2690205 3240280 3509265 3177513 3575747 3811906 3554319 3752406 3323435 " E:\3738339\etc\config\actions"
  Result:
  opatch.pl version: 1.0.0.0.50
  Copyright (c) 2001-2004 Oracle Corporation. All Rights Reserved.
  The filename, directory name, or volume label syntax is incorrect.
  Error in executing Java program to check conflict
  ERROR: OPatch failed during pre-reqs check.
  Now there is no problem with executing the last java program in the same prompt by removing the first and the last double quote "
  Please advise.
  Thanks in advance.

  hi somnath,
  this is the portal content management forum. for your database question please use the database forums:
  http://forums.oracle.com/forums/index.jsp?cat=18
  thanks,
  christian

• Windows domain authentication on Oracle Secure Global Desktop

  Hello,
  I made an upgrade of my oracle secure global desktop 4.62 version to 5.1 version.
  The problem is, I was using Windows Domain Authentication in 4.62 and this kind of authentication is not available in the 5.1 version.
  So now, my users cannot log in the application.
  Do you have a solution ?
  Thanks

  What are you authenticating to specifically?  An AD server?  Are you using any of the supported authentication mechanisms now supported?
  http://docs.oracle.com/cd/E41492_01/E41495/html/sgd-authentication.html#system-authentication-mechanisms-table

• Oracle.security.idm.OperationFailureException in ucm server logs

  Hi,
  We have integrated IDM (OID and OAM) in our weblogic servers. For some specific users when they try to access, below error seems to be recorded in UCM server logs.
  Event generated by user '10819' at host 'CIS'. csJpsErrorLoadingSecurityInfo Unable to execute service method 'next'. oracle.security.idm.OperationFailureException: javax.naming.InvalidNameException: Invalid name: ldap:. javax.naming.InvalidNameException: Invalid name: ldap:. [ Details ]
  An error has occurred. The stack trace below shows more information.
  !csUserEventMessage,10819,CIS!$!$csJpsErrorLoadingSecurityInfo!csUnableToExecMethod,next!syJavaExceptionWrapper,oracle.security.idm.OperationFailureException: javax.naming.InvalidNameException: Invalid name: ldap:!syJavaExceptionWrapper,javax.naming.InvalidNameException: Invalid name: ldap:
  intradoc.common.ServiceException: csJpsErrorLoadingSecurityInfo
  at idc.provider.jps.JpsUserProvider.loadSecurityInfo(JpsUserProvider.java:601)
  at idc.provider.jps.JpsUserProvider.checkCredentials(JpsUserProvider.java:229)
  at intradoc.server.UserStorageImplementor.checkExternalProvidersForUser(UserStorageImplementor.java:653)
  at intradoc.server.UserStorageImplementor.retrieveUserDatabaseProfileDataImplement(UserStorageImplementor.java:306)
  at intradoc.server.UserStorage.retrieveUserDatabaseProfileDataEx(UserStorage.java:159)
  at intradoc.server.UserStorageUtils.loadUserData(UserStorageUtils.java:88)
  at intradoc.server.ServiceSecurityImplementor.loadUserData(ServiceSecurityImplementor.java:538)
  at intradoc.server.ServiceSecurityImplementor.globalSecurityCheck(ServiceSecurityImplementor.java:221)
  at intradoc.upload.UploadSecurityImplementor.globalSecurityCheck(UploadSecurityImplementor.java:57)
  at intradoc.server.Service.globalSecurityCheck(Service.java:2671)
  at intradoc.server.ServiceRequestImplementor.doRequest(ServiceRequestImplementor.java:678)
  at intradoc.server.Service.doRequest(Service.java:1890)
  at intradoc.server.ServiceManager.processCommand(ServiceManager.java:435)
  at intradoc.server.IdcServerThread.processRequest(IdcServerThread.java:265)
  at intradoc.server.IdcServerThread.run(IdcServerThread.java:160)
  at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
  Caused by: intradoc.common.ServiceException: !csUnableToExecMethod,next
  at intradoc.common.ClassHelper.invoke(ClassHelper.java:168)
  at intradoc.common.ClassHelper.invoke(ClassHelper.java:135)
  at idc.provider.jps.JpsUserProvider.loadSecurityInfo(JpsUserProvider.java:502)
  ... 17 more
  Caused by: oracle.security.idm.OperationFailureException: javax.naming.InvalidNameException: Invalid name: ldap:
  at oracle.security.idm.providers.stdldap.util.LDAPRealm.throwException(LDAPRealm.java:758)
  at oracle.security.idm.providers.stdldap.util.LDAPRole.getName(LDAPRole.java:360)
  at oracle.security.idm.providers.stdldap.LDRole.getName(LDRole.java:65)
  at oracle.security.idm.providers.stdldap.LDRole.&#60;init&#62;(LDRole.java:60)
  at oracle.security.idm.providers.stdldap.LDIdentityStore.getNewRoleInstance(LDIdentityStore.java:742)
  at oracle.security.idm.providers.stdldap.LDSearchResponse.next(LDSearchResponse.java:111)
  at sun.reflect.GeneratedMethodAccessor274.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
  at java.lang.reflect.Method.invoke(Method.java:611)
  at intradoc.common.ClassHelper.invokeRawEx(ClassHelper.java:195)
  at intradoc.common.ClassHelper.invokeRaw(ClassHelper.java:175)
  at intradoc.common.ClassHelper.invoke(ClassHelper.java:157)
  ... 19 more
  Caused by: javax.naming.InvalidNameException: Invalid name: ldap:
  at org.apache.harmony.jndi.internal.parser.LdapRdnParser.checkTypeRestrictionsStatic(LdapRdnParser.java:243)
  at org.apache.harmony.jndi.internal.parser.LdapRdnParser.getListForRdn(LdapRdnParser.java:226)
  at javax.naming.ldap.Rdn.&#60;init&#62;(Rdn.java:111)
  at org.apache.harmony.jndi.internal.parser.LdapNameParser.getList(LdapNameParser.java:106)
  at javax.naming.ldap.LdapName.&#60;init&#62;(LdapName.java:57)
  at oracle.security.idm.providers.stdldap.util.LDAPRole.getName(LDAPRole.java:332)
  Please suggest, how to remove this error.
  Regards
  Boopathy P

  It seems that chunking is causing the issue. In the HTTP Transport Configuration Options of your business service, disable the setting "Use Chunked Streaming Mode"
  Regards,
  Anuj

• Oracle Secure Backup 10.3.0.3.0 in Windows 2003 with IBM Tape Not Working

  Hi,
  I am currently implementing Oracle Secure Backup. My environment is this:
  OS: Windows Server 2003 (32Bit) for all servers
  Database: Oracle Database 11.2.0.1.0
  Tape Library: IBM-ULT 3580-TD4
  I will have to configure 2 machines to work with OSB: server01 and server02.
  Server01:
  This serves as the client, admin, mediaserver
  Server02:
  This will serve as the client, admin
  When I log in to Server01, in the device manager, I can see the Tape Drives (no warnings, no questions marks) so I think it's good.
  When I log in to Server02, in the device manager, there are no Tape Drives seen. Is is ok or shall i configure the IBM Tape drives to be also accessible since this is just the client, admin host?
  Also I have noticed that when I installed the OSB in Server02 (client,admin), when I am on the SCSI Devices, i dont see any tape device (since its not in the device manager). Because of this i cannot start OSB Services and cannot add this host to the mediaserver.
  Also, I am having issues Configuring the Library and the devices. I have read the official documentation completely but i think its very general and it does not present the detailed step-by-step process in installing and configuring OSB.
  When I issued: lsdev -lvg in the mediaserver , I can read an error: Warning: bus info unknown or drive not installed.
  Help is very much appreciated. Thanks a lot guys!

  I have resolved the issue. Ill close this thread. :))

• Error while starting Oracle Secure Backup Service on Windows

  Hi,
  I've installed an Oracle 10gR2 database, and an OSB on a Windows XP (SP2) machine, and when trying to start the service (Oracle Secure Backup Services) I got the following error :
  "Unknown():Unable to load dynamic library'./php_osb.dll'-The operating system cannot run %1"
  This error message pops up 2-3 times, and I cannot login to OSB web page.
  My database works ok, but I cannot "test" OSB
  Anyone else had the same problem? Any ideas ?
  Thanks,
  Panagiotis

  Hi-- could you please describe your administrative domain?
  I need to know the operating systems on each of the
  clients and the OSB admin server. Also, does 'obtool' CLI
  tool work? Do any of the machines act as an apache webserver
  for another application? Is there any other backup service
  running on any of the machines?
  thanks,
  Judy
  I noticed that when re-installing the OSB without the
  Administrative Server (only Media Server and Client)
  I got no errors at all (but still cannot connect from
  another Administratice Server to my machine)

• How to install and configure oracle secure backup(osb-10.4.0.3.0_linux.x64) in linux

  Hello,
  We are planning to install and configure Oracle Secure Backup Version 10.4 in Linux server. I had searched documents and i have not find any relevant steps to install and configure in OEL 6.2.
  Can anyone please suggest me how to install and configure OSB.
  Regards,
  Anil

  Hi
  Installing OSB on Oracle Linux is just the same as installing on any other supported linux and is described in Installation and Configuration guide. Just stick with the directories and procedure described in install guide and you should be fine.
  For media server choose a physical host due to performance considerations. I think it is mentioned in docs somewhere.
  Regards,
  Mitja

• Oracle Secure Backup is not Appeared in EM

  Dear Sir,
  i have tried to show Oracle Secure Back in my EM as described in its Admin Guide
  a. Navigate to the ORACLE_HOME/hostname_SID/sysman/config directory
  and open the emoms.properties file in a text editor.
  b. Set osb_enabled=true and save the file.
  c. Stop the Oracle Enterprise Manager Database Control console as follows:
  emctl stop dbconsole
  d. Restart the Oracle Enterprise Manager Database Control console as follows:
  emctl start dbconsole
  But after this setting i am not able to see any thing in my EM.
  Any one has idea baout it, what reason it may be.....
  I can access my Oracle Secure Backup by
  https://<host name>:1158/....
  Any Body has any idea, please help
  Regards
  Muhammad Hafeez

  There is a separate forum for Oracle Secure Backup, You will get better response if you post it there.
  Secure Backup
  Daljit Singh

• How to determine which of the Oracle security products have been installed

  Hello!
  I would like to determine whether or not the Oracle security products have been installed for an Oracle database.
  The Oracle security products are:
  * Oracle Database Vault
  * Oracle Audit Vault
  * Oracle Configuration Management
  * Oracle Total Recall
  * Oracle Advanced Security
  * Oracle Data Masking
  * Oracle Label Security
  * Oracle Secure Backup
  * Oracle Database Firewall
  So what I thought is to look at the "DBA_REGISTRY" table which displays information about the components loaded into the database.
  But on the other hand there also is the "V$OPTION" view which lists database options and features.
  Does anybody know, how I could correctly determine whether or not each of the product is installed?
  I guess for "Oracle Database Vault" I should query V$OPTION, but what should I do with the other ones? And in case DBA_REGISTRY would be the right table, how would the comp_ids look like for the products?
  SELECT 'Oracle Database Vault' , nvl( (SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault'),'FALSE') FROM sys.dual
  OR
  SELECT 'Oracle Database Vault' , nvl2( (SELECT 'valueFound' FROM DBA_REGISTRY WHERE comp_id = '??????' AND status NOT IN ('INVALID', 'REMOVING' , 'REMOVED')),'TRUE','FALSE') FROM sys.dual
  Thanks in advance
  Kai

  Hi kai;
  There are some script avaliable on net, first please check them and run it on test server first!
  http://www.google.com.tr/#hl=tr&biw=1259&bih=793&q=installed%2Bproducts%2Boracle&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=71a534c4a5161590
  Secondly you can check oraInventory and also oratab file or you can run runInstaller and can check Installed product tab on installation screen
  Regard
  Helios

• Oracle RAC and Oracle Secure Backup Express

  I am building a new RAC environment - 7-Nodes on Linux.
  We are very interested in reviewing Oracle Secure Backup, possible Oracle Secure Backup Express.
  My understanding about Oracle Secur eBackup Express is it is licensed "free" as long as you are working with a single tape drive.
  Does anyone know - does this apply to RAC as well?
  Thanks

  Please refer to the OSB licensing document for
  specific differences between OSB-XE and OSB:
  http://download-west.oracle.com/docs/cd/B32520_01/doc/
  license.101/b25528/toc.htm
  In general, we recommend you backup each RAC node to
  insure all local files are protected which would mean
  the OSB-XE edition would not be recommended since
  OSB-XE is backup of one server.Thank you - I will review this.
  .. and your White Papers regarding performance were just what I was looking for.

• NoClassDefFoundError: oracle/security/jps/JpsException

  I have a web service developed in JDeveloper 12c (12.1.2) using the Generate Web Service from WSDL option. Inside the service implementation class I create a root application module like so:
  ApplicationModule am = Configuration.createRootApplicationModule("xxx.model.XXX_AppModule", "XXX_AppModuleLocal");
  When I test it in the integrated WebLogic server through JDeveloper, the web service works fine. However when I deploy the application (including the web service) to a production WebLogic server, I get the following error in the logs when testing it:
  ####<22-Jul-2014 14:51:09 o'clock BST> <Notice> <StdErr> <XXXXXXXXXXXX> <Engineering> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1406037069434> <BEA-000000> <Jul 22, 2014 2:51:09 PM oracle.adf.share.ADFContext getCurrent
  WARNING: Automatically initializing a DefaultContext for getCurrent.
  Caller should ensure that a DefaultContext is proper for this use.
  Memory leaks and/or unexpected behaviour may occur if the automatic initialization is performed improperly.
  This message may be avoided by performing initADFContext before using getCurrent().
  For more information please enable logging for oracle.adf.share.ADFContext at FINEST level.>
  ####<22-Jul-2014 14:51:10 o'clock BST> <Error> <com.sun.xml.ws.server.sei.TieHandler> <XXXXXXXXXXXX> <Engineering> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1406037070692> <BEA-000000> <oracle/security/jps/JpsException
  java.lang.NoClassDefFoundError: oracle/security/jps/JpsException
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:270)
    at oracle.adf.share.common.ClassUtils.forName(ClassUtils.java:53)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialStorage(CredentialStoreContext.java:186)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialProvisioner(CredentialStoreContext.java:109)
    at oracle.adf.share.security.credentialstore.CredentialProvisioner.<init>(CredentialProvisioner.java:44)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:54)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:48)
    at oracle.adf.share.jndi.ReferenceStoreHelper.loadCredentials(ReferenceStoreHelper.java:1082)
    at oracle.adf.share.jndi.ReferenceStoreHelper.createReference(ReferenceStoreHelper.java:726)
    at oracle.adf.share.jndi.ReferenceStoreHelper.getReferencesMapEx(ReferenceStoreHelper.java:331)
    at oracle.adf.share.jndi.ContextImpl.load(ContextImpl.java:850)
    at oracle.adf.share.jndi.ContextImpl.init(ContextImpl.java:480)
    at oracle.adf.share.jndi.ContextImpl.<init>(ContextImpl.java:78)
    at oracle.adf.share.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:17)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at oracle.adf.share.jndi.AdfInitialContext.<init>(AdfInitialContext.java:93)
    at oracle.adf.share.jndi.AdfInitialContext.newAdfInitialContext(AdfInitialContext.java:74)
    at oracle.adf.share.jndi.AdfJndiConfig.getDefaultConnectionsContext(AdfJndiConfig.java:79)
    at oracle.adf.share.config.FallbackConfigImpl.getDefaultConnectionsContext(FallbackConfigImpl.java:306)
    at oracle.adf.share.config.ADFConfigImpl.getConnectionsContext(ADFConfigImpl.java:755)
    at oracle.jbo.client.CADatabaseConnectionProvider.getDatabaseProvider(CADatabaseConnectionProvider.java:177)
    at oracle.jbo.client.CADatabaseConnectionProvider.loadConnectionProperties(CADatabaseConnectionProvider.java:151)
    at oracle.jbo.client.Configuration.initializeFromConnectionName(Configuration.java:1109)
    at oracle.jbo.client.config.ConfigurationProviderManager.resolveConfiguration(ConfigurationProviderManager.java:113)
    at oracle.jbo.client.config.ConfigurationProviderManager.getConfiguration(ConfigurationProviderManager.java:54)
    at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:534)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1393)
    at xxx.service.util.ServiceUtils.getApplicationModule(ServiceUtils.java:28)
    at com.baesystems.wdms.ELKITInterfaceImpl.getLoomDetail(ELKITInterfaceImpl.java:85)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:117)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:91)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:205)
    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:634)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)
    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:278)
    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:287)
    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:134)
    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:238)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3363)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
    at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
    at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
  Caused By: java.lang.ClassNotFoundException: oracle.security.jps.JpsException
    at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:270)
    at oracle.adf.share.common.ClassUtils.forName(ClassUtils.java:53)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialStorage(CredentialStoreContext.java:186)
    at oracle.adf.share.security.credentialstore.CredentialStoreContext.getCredentialProvisioner(CredentialStoreContext.java:109)
    at oracle.adf.share.security.credentialstore.CredentialProvisioner.<init>(CredentialProvisioner.java:44)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:54)
    at oracle.adf.share.jndi.CredentialStoreHelper.<init>(CredentialStoreHelper.java:48)
    at oracle.adf.share.jndi.ReferenceStoreHelper.loadCredentials(ReferenceStoreHelper.java:1082)
    at oracle.adf.share.jndi.ReferenceStoreHelper.createReference(ReferenceStoreHelper.java:726)
    at oracle.adf.share.jndi.ReferenceStoreHelper.getReferencesMapEx(ReferenceStoreHelper.java:331)
    at oracle.adf.share.jndi.ContextImpl.load(ContextImpl.java:850)
    at oracle.adf.share.jndi.ContextImpl.init(ContextImpl.java:480)
    at oracle.adf.share.jndi.ContextImpl.<init>(ContextImpl.java:78)
    at oracle.adf.share.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:17)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
    at javax.naming.InitialContext.init(InitialContext.java:242)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at oracle.adf.share.jndi.AdfInitialContext.<init>(AdfInitialContext.java:93)
    at oracle.adf.share.jndi.AdfInitialContext.newAdfInitialContext(AdfInitialContext.java:74)
    at oracle.adf.share.jndi.AdfJndiConfig.getDefaultConnectionsContext(AdfJndiConfig.java:79)
    at oracle.adf.share.config.FallbackConfigImpl.getDefaultConnectionsContext(FallbackConfigImpl.java:306)
    at oracle.adf.share.config.ADFConfigImpl.getConnectionsContext(ADFConfigImpl.java:755)
    at oracle.jbo.client.CADatabaseConnectionProvider.getDatabaseProvider(CADatabaseConnectionProvider.java:177)
    at oracle.jbo.client.CADatabaseConnectionProvider.loadConnectionProperties(CADatabaseConnectionProvider.java:151)
    at oracle.jbo.client.Configuration.initializeFromConnectionName(Configuration.java:1109)
    at oracle.jbo.client.config.ConfigurationProviderManager.resolveConfiguration(ConfigurationProviderManager.java:113)
    at oracle.jbo.client.config.ConfigurationProviderManager.getConfiguration(ConfigurationProviderManager.java:54)
    at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:534)
    at oracle.jbo.client.Configuration.createRootApplicationModule(Configuration.java:1393)
    at xxx.service.util.ServiceUtils.getApplicationModule(ServiceUtils.java:28)
    at com.baesystems.wdms.ELKITInterfaceImpl.getLoomDetail(ELKITInterfaceImpl.java:85)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:117)
    at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:91)
    at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:149)
    at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:88)
    at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
    at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
    at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
    at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
    at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:420)
    at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:687)
    at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:266)
    at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:169)
    at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:205)
    at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:634)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
    at weblogic.wsee.util.ServerSecurityHelper.authenticatedInvoke(ServerSecurityHelper.java:108)
    at weblogic.wsee.jaxws.HttpServletAdapter$3.run(HttpServletAdapter.java:278)
    at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:287)
    at weblogic.wsee.jaxws.JAXWSServlet.doRequest(JAXWSServlet.java:134)
    at weblogic.servlet.http.AbstractAsyncServlet.service(AbstractAsyncServlet.java:99)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:844)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:280)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:254)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:136)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:341)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:238)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3363)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3333)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
    at weblogic.servlet.internal.WebAppServletContext.doSecuredExecute(WebAppServletContext.java:2220)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2146)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2124)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1564)
    at weblogic.servlet.provider.ContainerSupportProviderImpl$WlsRequestExecutor.run(ContainerSupportProviderImpl.java:254)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:295)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:254)
  I thought that maybe I needed to include the jsp-api.jar in the WEB-INF/lib directory in the web service WAR file, but that didn't make any difference.
  Any ideas?
  For reference, this is the structure of the EAR file that I deployed to the server:
  Application.ear
  /adf
    /META-INF
      /adf-config.xml
      /connections.xml
      /wsm-policy.xml
  /lib
    /adf-loc.jar
  /META-INF
    /application.xml
    /cwallet.sso
    /weblogic-application.xml
  /View.war (contains Trinidad pages and ADF BC classes)
  /WebService.war (contains web service and ADF BC classes)
    /WEB-INF
      /classes
      /lib
        /jps-api.jar
      /wsdl
        /XXXService.wsdl
        /xxx.xsd
      /web.xml
      /weblogic.xml

  The error is thrown by the weblogic Classloader as it is unable to load the class/package oracle.security.jps.JpsException
  This class is related to OPSS framework. Please add the relevant jar having the above class to the classpath or package it within the application to solve the issue.
  Vijaya
  =====