Oracle Update Plugs Security Holes
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Oracle Update Plugs Security Holes

Written By
Brian Prince
Brian Prince
Jul 17, 2007
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Oracle issued 45 security fixes for its customers July 17 as part of its quarterly Critical Patch Update.

The 45 patches plug security holes in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise products.

The most serious of the flaws are two vulnerabilities affecting Oracle PeopleSoft Enterprise PeopleTools, which received a Common Vulnerability Scoring System rating of 4.8 out of 10. The flaws can be exploited remotely by an attacker but require user authentication.

The company initially planned 46 patches for this weeks release. An Oracle spokesperson said an issue came out in the late stages of the companys testing process that the development team could not resolve before the release of the update.

“We will attempt to include the fix in the October 2007 CPU,” the spokesperson said.

Nineteen of the patches are for database products, including two for flaws that can be exploited remotely without a password or user name for authentication. Four new security fixes are for flaws in Oracle Application Server, three of which can be remotely exploitable without authentication.

In addition, there is one new Oracle Collaboration Suite-specific fix, 14 security fixes for the Oracle E-Business Suite, three for Oracle PeopleSoft Enterprise PeopleTools, two for PeopleSoft Enterprise Customer Relationship Management and two security fixes for PeopleSoft Enterprise Human Capital Management.

Among the patches is a fix for a cross-site scripting vulnerability reported by researchers at Imperva that affects the Oracle E-Business Suite and could be exploited remotely to steal sensitive data and execute phishing attacks.

Imperva SecureSphere Database Security Gateway and Web Application Firewall appliances automatically protect Oracle products against this flaw until it is patched, company officials said.

“They were very quick [with the patch],” said Imperva Chief Technology Officer Amichai Shulman, adding that Imperva reported the flaw no more than three months ago.

/zimages/1/28571.gifClick hereto read about Oracles Audit Vault, which is designed to streamline the database auditing process.

The July 17 fixes are part of the companys Critical Patch Update releases, issued four times year. The last batch, in April, featured 36 security fixes.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information