Security flaws slip through Oracle patch cycle

A security research firm has reported details of six vulnerabilities in products from Oracle that were not fixed in the supplier’s last round of patches.

Oracle last week issued fixes for almost 50 vulnerabilities in its products as part of its quarterly patching cycle, but Red-Database-Security has published details of additional flaws in Oracle Reports, Oracle Forms and other Oracle software.

The security company said it had warned Oracle of the security holes around two years ago and published details after growing impatient over a lack of action by Oracle.

Along with details of the threats, the security company provided users with workarounds to stop attackers exploiting the vulnerabilities.

Three of the bugs were described by Red-Database-Security as “high risk”. One allows a hacker to overwrite files in Oracle Application Server, of which Oracle Reports is a component.

Red-Database-Security said Oracle had acknowledged the threats. Oracle is considering whether to issue patches in the future.

More details of the potential vulnerabilities can be found at:

http://www.red-database-security.com/advisory/published_alerts.html
