From: InfoSec News (alertsinfosecnews.org)
Date: Fri Aug 01 2008 - 04:06:00 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.vnunet.com/vnunet/news/2222923/oracle-issues-security-warning

By Shaun Nichols in San Francisco
vnunet.com
31 Jul 2008

Oracle has posted an alert [1] for a serious flaw in its WebLogic Server
and Express products.

The issue lies within the Apache Connector component used by both
systems, and attack code is publicly available.

Oracle warned that the attack could be remotely exploited by an attacker
without the need for any authentication information, and could give
control over the targeted system.

The company has not yet issued a patch, but has provided a set of
workarounds to help administrators mitigate the risk. It is currently
working on a patch.

The warning comes just two weeks after Oracle issued a major security
update [2] which patched 45 vulnerabilities in 23 of its products.

Security firm Sans and the US Computer Emergency Response Team recommend
that administrators read Oracle's advisory and take the suggested
actions.

[1] https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html
[2] http://www.vnunet.com/vnunet/news/2221868/oracle-issues-security-updates

_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]