Oracle patches dangerous WebLogic flaw, critical database holes
Posted in Community: Oracle Applications
Source: http://searchsecurity.techtarget.com
Last activity: 07 06 2010 20:18:04 +0000
Oracle Corp. plugged a severe flaw in the Apache plug-in for its WebLogic Server and addressed vulnerabilities in more than two dozen other products as part of its quarterly Critical Patch Update. Oracle said its security update contained patches for 36 flaws.
Oracle released six fixes to address vulnerabilities for the former BEA product line. Five of the vulnerabilities could be remotely exploited by an attacker. Eric Maurice, manager of security in Oracle's Global Technology Business Unit, warned customers that the most severe vulnerability was located in the Apache plug-in for Oracle WebLogic Server. The flaw could be exploited remotely by an attacker and was given a Common Vulnerability Scoring System (CVSS) base score of 10. The attacker doesn't have to be authenticated and could gain complete control of the server.
The CPU includes 15 new security vulnerability fixes for the Oracle Database; the highest CVSS score among them was 6.5. One of the more critical vulnerabilities is located in Oracle's core relational database management system and may be remotely exploited without authentication. The vulnerability lies in the network protocol between the Oracle client software and the Oracle server and abuses the proxy account mechanism in the Oracle server. The flaw affects Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.2.
Compared to previous CPUs, the October release addressed fewer vulnerabilities, said Amichai Shulman, chief technology officer of Foster City, Calif.-based Imperva. In July, Oracle released 45 database and application fixes. Many of the database fixes released this month repair SQL injection vulnerabilities, he said.
"While their CVSS scores are not as high, I do think that they are actually more threatening than their scores suggest," Shulman said.
Oracle also plugged holes in its Publish and iPublish packages, which implement some of the services required to control and audit changes to specific columns in the database. The flaws affect Oracle Database 10.1.0.5, 10.2.0.4 and 11.1.0.6.
"These packages have been patched over and over again at least three times in the past two years," Shulman said.
In addition, six new security updates were released for Oracle Application Server. Two updates to Oracle Portal could be remotely exploited without authentication, Oracle said. Four security updates were also released to address issues in parts of the Oracle E-Business Suite. Problems in the Oracle Applications Technology Stack and the iSupplier Portal could be remotely exploited without authentication. Both vulnerabilities were given a medium-risk CVSS score of 5.0.
Five security vulnerability fixes were released by Oracle for its PeopleSoft Enterprise and JD Edwards Enterprise One products. Oracle said two of the vulnerabilities could be remotely exploited without authentication.