Oracle Addreses 155 Vulnerabilities in Monthly Update

Status
Not open for further replies.

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
For the Critical Patch Update that is delivered on a monthly basis, Oracle prepared fixes for a total of 155 security glitches affecting 44 of its products.

The company posted a pre-release announcement designed to inform system administrators of the programs that would be patched this Tuesday so that they can prepare for a quicker adoption of the new versions.
Highest CVSS score for Java vulnerability is 10
Java SE is also present on the list, and it is scheduled to receive no less than 25 fixes, most of them having the potential of being remotely exploited.

The risk is particularly high because the developer says that an attacker would not need to authenticate in order to leverage them.

According to the pre-release report, out of all vulnerabilities addressed in this set of updates, Java recorded the highest base score of 10 as per the Common Vulnerabilities Scoring System 2.0. According to Oracle, the high-severity flaws affect Java SE Embedded and Java SE.

Other Java components that will be repaired include JavaFX and Jrocit.
Remote exploitation risk available in other products
In the case of the Database Server, the most critical flaw has a CVSS score of 9, and although 32 security fixes are delivered, only one would allow a potential attacker to remotely execute arbitrary code on the affected machine without having to provide a username and a password.

The components listed for patching include Application Express, Core RDBMS, Java VM, JDBC, Jpublisher, PL/SQL and SQLJ.

The developer informs that different editions of the product are impacted: Oracle Database 11g Release 1 and 2, as well as Oracle Database 12c Release 1.

Another Oracle solution that permits remote exploitation to an attacker is Fusion Middleware. The new set of patches plugs 13 such bugs. All in all, users are to receive a total of 17 fixes.

Compared to the other two products, the most severe flaw impacting Fusion Middleware has a lower CVSS base score, of 7.5.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” the company warns.

In late September, Oracle released out-of-date updates for some of its products affected by the Shellshock bug. Initially, 32 out of 35 were vulnerable to attacks, but the company continued to work on the necessary patches, making available a fix for 18 of them.

However, new products have been found to be sensitive to Shellshock, and at the moment, the list has grown to 39.

Hi Tony
Eset always in my favorites list.
Something stuck with Kaspersky after they changed the interface, but they still provide good protection, heavier than Eset
Eset is the light one, with good protection.

I'm still with 7, didn't try 8, but you'll find there the Botnet Protection http://blog.anti-virus4u.com/2014/08/botnet-protection-by-eset.html
 
Last edited:
  • Like
Reactions: Adhit Prakosho
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top