http://www.vnunet.com/vnunet/news/2222923/oracle-issues-security-warning By Shaun Nichols in San Francisco vnunet.com 31 Jul 2008 Oracle has posted an alert [1] for a serious flaw in its WebLogic Server and Express products. The issue lies within the Apache Connector component used by both systems, and attack code is publicly available. Oracle warned that the attack could be remotely exploited by an attacker without the need for any authentication information, and could give control over the targeted system. The company has not yet issued a patch, but has provided a set of workarounds to help administrators mitigate the risk. It is currently working on a patch. The warning comes just two weeks after Oracle issued a major security update [2] which patched 45 vulnerabilities in 23 of its products. Security firm Sans and the US Computer Emergency Response Team recommend that administrators read Oracle's advisory and take the suggested actions. [1] https://support.bea.com/application_content/product_portlets/securityadvisories/2793.html [2] http://www.vnunet.com/vnunet/news/2221868/oracle-issues-security-updates _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Fri Aug 01 2008 - 02:06:00 PDT
This archive was generated by hypermail 2.2.0 : Fri Aug 01 2008 - 02:16:26 PDT