Critical Oracle security patch

by Ivana Strahija on February 28th, 2006

It seems that the E-Business Suite software was too buggy even for Oracle to wait another two months, when the next security update is due. The patch addresses numerous vulnerabilities in one component of the Oracle software.


With the issued advisory came a note to users to apply the fix as soon as possible.

A malicious attacker can abuse the Diagnostics web pages and Java classes, which are components of the E-Business Suite. Security experts warn that the nature of the Diagnostics allows some of them to be executed without authentication.

"There exist a number of high risk security vulnerabilities in the Oracle Diagnostics web pages and Java classes. The most significant issue with the Oracle Diagnostics is that some of the diagnostics can be executed without any authentication and it is possible to configure the diagnostics to be unrestricted. Also, several permission issues and SQL injection vulnerabilities are fixed by the patch," says the security analysis of the vulnerability by Integrigy.

