Oracle issues 'high' alert over E-Business Suite vulnerability
By Alun Williams
Posted on 11 Jun 2004 at 11:07
Oracle has alerted users of its Oracle E-Business Suite to vulnerabilities that allow an attacker to execute unauthorised procedures or SQL inside the database.
The flaws were discovered by Integrigy, an enterprise application security company. They are termed 'SQL injection' vulnerabilities and can be remotely exploited, via a browser, by sending specially crafted URLs to the web server hosting the Suite.
Oracle is strongly recommending that customers apply a patch made available as no work around exists for the flaw. It describes the risk as 'high' because any hacker with browser access can exploit the vulnerabilities.
Software affected comprises: Oracle E-Business Suite Release 11i and 11.5.1 through 11.5.8. Release 11.5.9 and later releases are not affected, however.
You can read more details on the Oracle Technology Network website, with patches available from the MetaLink website.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
advertisement
Printed from www.pcpro.co.uk