Oracle warns customers of "highly critical" flaw

Patch issued for 11i E-Business suite…

By Robert Lemos

Published: 11 June 2004 08:50 GMT

Oracle has issued a warning to customers using the most recent version of its ecommerce program of a flaw that puts their systems at risk.

In a terse but strongly worded advisory released to customers last week, Oracle said a software flaw in its Oracle 11i E-Business Suite and its Oracle Applications 11.0 could let an attacker take control of the database that powers the programs.

"Risk of exposure is high, as any user with browser access and specialised knowledge can exploit" the flaw, Oracle said in the advisory. The company would not provide details. Oracle has released a patch for the problem and urged customers to update their systems.

Security information provider Secunia rated the vulnerability as "highly critical," its second highest rating.

The vulnerability was discovered by Stephen Kost, CTO for Integrigy, a company focused on creating software to secure critical corporate applications. Integrigy's own advisory agreed with Oracle's on the ease with which the flaw could be exploited.

"Since attacks can be specially crafted for Oracle Applications and an attack may only be a single [HTTP request], successful attacks can be easily designed that will evade most intrusion detection and prevention systems," Integrigy said in its advisory.

A year ago, Integrigy also published information on two other flaws in the same Oracle product.
