In association with heise online

19 September 2011, 09:40

Unexpected patches close DoS holes in Oracle products


A flaw in the way that the Apache web server processes byte range requests also affects Oracle products that incorporate the open source software. To address these problems, the company has released patches outside of its normal quarterly patch cycle.

Oracle's Fusion Middleware 11g Release 1 (versions 11.1.1.3, 11.1.1.4.0, 11.1.1.5) is affected, as is the Enterprise Manager, which contains the Fusion component. Releases 2 and 3 of the Application Server 10g are also vulnerable if the version of HTTPD 2.0 that came with the release has been installed. Oracle recommends that all customers update their software to the latest versions as soon as possible. Further details can be found on a page (log-in required) on the company's support portal.

The flaw enables attackers to cripple a web server via a Denial-of-Service (DoS) attack. However, more than just server corrections are required to fix it: the IETF is considering an HTTP modification.

(crve)

Permalink: http://h-online.com/-1345364