Oracle Issues High-Severity Vulnerability Warning

 
 
By Brian Fonseca  |  Posted 2003-12-05 Email Print this article Print
 
 
 
 
 
 
 

Oracle this week issued a high severity security alert warning of Secure Sockets Layer (SSL) vulnerabilities.

Oracle this week issued a high severity security alert warning of Secure Sockets Layer (SSL) vulnerabilities that will require the immediate attention of managers to apply patch fixes on at-risk systems. According to an Oracle Security Alert issued on Thursday, the notification addresses SSL vulnerabilities detailed in CERT Advisory CA-2003-26 and SSL vulnerabilities detailed in several older Common Vulnerabilities and Exposures (CVE) Candidates. Through its alert, Redwood City, Calif.-based Oracle confirmed that a variety of its server products could be tampered with through vulnerabilities via the OpenSSL protocol. The flaws could potentially open the door for a remote hacker to cause a denial-of-service (DoS) attack, execute arbitrary code, and gain access privileges.
Products concerned with the vulnerability include certain releases of Oracle9i Database Server, Oracle8i Database Server, Oracle9i Application Server, and Oracle HTTP Server.
OpenSSL is a widely-used-open source deployment of the SSL and Transport Layer Security (TLS) protocols. The protocols offer encryption, authentication, and other security measures to HTTP and other network applications. To minimize risk, Oracle recommended that users apply patches since no workarounds exist that fully address the potential security vulnerabilities. Patches for the security vulnerabilities are available on Oracles support Web site, MetaLink.
Discuss This in the eWEEK Forum
 
 
 
 
Brian Fonseca is a senior writer at eWEEK who covers database, data management and storage management software, as well as storage hardware. He works out of eWEEK's Woburn, Mass., office. Prior to joining eWEEK, Brian spent four years at InfoWorld as the publication's security reporter. He also covered services, and systems management. Before becoming an IT journalist, Brian worked as a beat reporter for The Herald News in Fall River, Mass., and cut his teeth in the news business as a sports and news producer for Channel 12-WPRI/Fox 64-WNAC in Providence, RI. Brian holds a B.A. in Communications from the University of Massachusetts Amherst.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel