Oracle Issues High-Severity Vulnerability Warning
Oracle this week issued a high severity security alert warning of Secure Sockets Layer (SSL) vulnerabilities.Oracle this week issued a high severity security alert warning of Secure Sockets Layer (SSL) vulnerabilities that will require the immediate attention of managers to apply patch fixes on at-risk systems. According to an Oracle Security Alert issued on Thursday, the notification addresses SSL vulnerabilities detailed in CERT Advisory CA-2003-26 and SSL vulnerabilities detailed in several older Common Vulnerabilities and Exposures (CVE) Candidates. Through its alert, Redwood City, Calif.-based Oracle confirmed that a variety of its server products could be tampered with through vulnerabilities via the OpenSSL protocol. The flaws could potentially open the door for a remote hacker to cause a denial-of-service (DoS) attack, execute arbitrary code, and gain access privileges.
Products concerned with the vulnerability include certain releases of Oracle9i Database Server, Oracle8i Database Server, Oracle9i Application Server, and Oracle HTTP Server.