Risk
4/14/2008
01:13 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Oracle Plans 41 Patches For Tuesday

The number of published proof-of-concept exploits for Oracle products last year supports research noting an increase in attacks on applications.

Oracle said last week that it will be releasing patches for 41 vulnerabilities in its database software products on Tuesday, April 15.

The Critical Patch Update contains 17 security fixes for the Oracle Database, three security fixes for Oracle Application Server, 11 security fixes for the Oracle E-Business Suite, one security fix for the Oracle Enterprise Manager, three security fixes for Oracle PeopleSoft Enterprise products, and six security fixes for Oracle Siebel SimBuilder products.

Of these, 15 can be exploited remotely without authentication.

The following Oracle products are affected: Oracle Database 11g, version 11.1.0.6; Database 10g Release 2, versions 10.2.0.2, 10.2.0.3; Oracle Database 10g, version 10.1.0.5; Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV; Oracle Application Server 10g Release 3 (10.1.3), versions 10.1.3.1.0, 10.1.3.3.0; Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.0.2, 10.1.2.1.0, 10.1.2.2.0; Oracle Application Server 10g (9.0.4), version 9.0.4.3 Oracle Collaboration Suite 10g, version 10.1.2; Oracle E-Business Suite Release 12, versions 12.0.0 - 12.0.4; Oracle E-Business Suite Release 11i, versions 11.5.9 - 11.5.10 CU2; Oracle PeopleSoft Enterprise PeopleTools versions 8.22.19, 8.48.16, 8.49.09; Oracle PeopleSoft Enterprise HCM versions 8.8 SP1, 8.9, 9.0; Oracle Siebel SimBuilder versions 7.8.2, 7.8.5

Security researchers have noted that cyber attacks now tend to focus more on applications than on operating system or network vulnerabilities. The number of published proof-of-concept exploits for Oracle products last year, compared to previous years, seems to support that contention.

Mil0worm.com, a security vulnerability site, listed 21 proof-of-concept exploits for Oracle software in 2007, compared to 5 in 2006 and 3 in 2005. So far in 2008, the site lists 4 Oracle-related vulnerabilities.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0890
Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2015-2168
Published: 2015-03-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.