Bugs hit 9i and Internet Explorer

IT departments will be busy in the run up to Christmas dealing with two potentially serious bugs affecting enterprise IT.

IT departments will be busy in the run up to Christmas dealing with two potentially serious bugs affecting enterprise IT.

The first concerns the SSL protocol used in Oracle's 8i and 9i Database Server, Oracle 9i Application Server, and versions 8 and 9 of the Oracle HTTP Server.

Oracle has rated the risk as "high" and warned that any client software that can access an affected Oracle server could exploit the hole. The firm urged users to install a patch from the Oracle Technology Network website.

The second security issue concerns website spoofing on Internet Explorer. According to information published on the Secunia website, by adding special ASCI codes to a URL, a hacker can control the web address displayed in a user's Internet Explorer URL address bar.

Secunia said, "This can be exploited to trick users into divulging sensitive information or download and execute malware on their systems, because they trust the faked web address."

The company provided an example of how this could be exploited by spoofing the Microsoft website.

Microsoft said it would be investigating the security hole.

http://otn.oracle.com

Yuletide security warning >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close