
Oracle issues quarterly patches, fixes database flaws

SearchSecurity.com Staff


Oracle issued its quarterly Critical Patch Update Tuesday, addressing 33 flaws across its product portfolio including critical flaws in Oracle Database and BEA WebLogic server.

The update repairs 10 database vulnerabilities. Three flaws can be remotely exploited without authentication. Database components affected by the errors included network foundation, advanced replication, network authentication, listener, Secure Enterprise Search and configuration management, Oracle said.

The network protocol layer, responsible for establishing and maintaining connections, was given a Common Vulnerability Scoring System (CVSS) score of 9 for Windows. A successful exploit could result in complete control of a database.

Oracle CPUs:

April - Oracle issues 43 updates, fixes serious database flaws: Oracle's quarterly Critical Patch Update contained patches for 16 database flaws and dozens of others correcting errors in Oracle Application Server and its BEA product line.

Jan - Oracle patches dangerous WebLogic, Secure Backup vulnerabilities: Oracle repaired several dangerous flaws in its BEA WebLogic server line and its Secure Backup software that could be exploited by an attacker to gain access to critical files.

"Since this is a protocol level attack, tools that monitor only SQL activity, native audit solutions, or solutions that have visibility only to internal host based activity, will not have any indication that the server is under attack," Amichai Shulman, chief technology officer and founder of database security vendor Imperva, said in a statement.

Two security fixes were issued for Oracle Secure Backup. One of the vulnerabilities was given a CVSS score of 10 for Windows. It is remotely exploitable, does not require authentication and could allow an attacker to take complete control of a system.

The update also included five new security fixes for the Oracle BEA WebLogic server. A critical flaw in Oracle JRockit Java Virtual Machine was given the highest CVSS score of 10. The fix includes an update to the Sun Java Runtime Environment, addressing seven errors.

Oracle repaired two flaws in Oracle Application Server affecting the Oracle Security Developer Tools and the HTTP Server. The vulnerabilities may be remotely exploitable without authentication, meaning they may be exploited over a network without the need for a username and password, Oracle said.

Five flaws were addressed in the Oracle E-Business Suite, affecting the Oracle Application Object Library, Application Install, Application Framework, iStore packaged e-commerce application and Applications Manager. Oracle said three of the flaws were remotely exploitable.

Oracle addressed two security flaws in Oracle Enterprise Manager. Both vulnerabilities require authentication and are not remotely exploitable, Oracle said.

Oracle issued three security fixes for the Oracle PeopleSoft and JD Edwards Suite and addressed a single flaw in Oracle Siebel Suite.

