In association with heise online

18 April 2007, 11:38

Oracle closes 36 security holes


Rather than the 37 holes announced, Oracle’s Critical Patch Update for today’s patch day fixes only 36 security vulnerabilities in the vendor’s products, including holes in Oracle’s database products that allowed remote access to the system. The most critical vulnerability affects only Windows products. The update for Oracle Database will not be available before the end of April.

Other vulnerabilities fixed by the patches include bugs in Oracle’s Application Server, E-Business Suite, Enterprise Manager, PeopleSoft Enterprise and other products that allow hackers to spy on or manipulate content. According to database security specialist Alexander Kornbrust, Oracle has known about the oldest of these holes (AS01) since 2003. It has been given a base score of 4.2 out of 10 under the Common Vulnerability Scoring System (CVSS).

Users can determine the nature of the problem behind each individual hole from the risk matrix in Oracle’s CPU overview. In addition, Oracle has documented the parameters that contribute to the CVSS base score for each vulnerability.
