Home » News » Vulnerabilities » Denial-of-service flaw is fixed by Oracle

Denial-of-service flaw is fixed by Oracle

By Gina on February 7, 2012 | Vulnerabilities, Oracle, security bulletin, vulnerability, flaw, patch, security advisor Denial-of-service flaw is fixed by Oracle

Recently, Oracle released a patch which fixed denial-of-service vulnerability in the Oracle WebLogic Server, Application Server and iPlanet Web Server. In a security bulletin Oracle warned that "vulnerability may be remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password." 

Oracle pointed out that a fix for the same vulnerability in the GlassFish Server was released last month. Back then Oracle dropped 78 patches for its products, including two fixes to its Database Server. This was criticized by Alex Rothacker with TeamSHATTER and Amichai Shulman, chief technology officer with Imperva, for patching only two flaws in Database Server.

A. Rothacker commented: "Oracle, what happened? Did you throw in the towel on DBMS fixes? I know it’s not because the Database is finally fixed for good and is now suddenly secure." A. Shulman said: "There are only two vulnerabilities in the database product. Why? Either the database server has reached an amazing maturity in terms of security or Oracle did not have enough resources to include more fixes into the process."

More Vulnerabilities news

Shocking: 9 out of 10 websites still vulnerable to old attacks

Did you know that less than 10% of websites are safe from attacks that have struck the internet in 2009? Back then there was a breakout of Man-in-the-middle  (MITH) attacks that included an injection of a malicious code in to the browser but even after 3 years these problems are very sensitive. SSL Pulse reportIt seems that companies live in a bubble as far as IT safety is concerned. A project called SSL Pulse that is monitoring 200. Read more.


News categories

Latest news

Related news