Oracle Warns: Download emergency patch for Apache servers 2.0 & 2.2

Custom Search

Hack in The Box
Experts Galaxy
UK Cheapest Hosting
DJ Software
Scanpst.exe
A3 Multifunction
Electricity Prices
Texas Electricity
Electricity Rates in Texas
Electric Companies in Texas
Web Design Geelong
SellSimple
MSN
Wallpapers
NewsApp Portal
Recover files from recycle bin

[Welcome to SCforum.info - Security [CENTRAL] Forum]

Welcome to SCforum.info - Security [CENTRAL] Forum, a home of the SCF Community devoted to provide Computer related News, Alerts, Downloads and FREE Help in such a way that even the novice computer user can understand.

Getting started using our community is extremely easy, check the two steps below:

Step 1: Create an account by clicking here and wait for approval from Administrator. It's completely free with no hidden strings attached.

Step 2: If you have a computer problem and need some help, or just want to take part in opened discussions, simply browse Forum. Once you *Register an account, you can quickly post your questions and comments.

(*Registered Members get: free support, also, they can communicate privately with other members via PM, removal of this message, see fewer ads and much more...)

[Samker]

Oracle has issued an emergency patch to fix a vulnerability it says could bring down HTTP application servers it sells that are based on Apache 2.0 or 2.2.

Attackers can exploit the weakness remotely without a username or password, Oracle said in a security alert issued Thursday: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html

Products impacted by the bug include Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0 and 11.1.1.5.0; Oracle Application Server 10g Release 3, version 10.1.3.5.0; and Oracle Application Server 10g Release 2, version 10.1.2.3.0.

The U.S. Government's National Vulnerability Database has assigned a CVSS (Common Vulnerability Scoring System) rating of 7.8, "indicating a complete Operating System denial of service," Oracle said.

But Oracle took issue with that assessment in its security alert.

"A complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle HTTP Server but not the Operating System," it stated.

In any event, the bug is serious enough for Oracle to issue the patch outside of its usual large quarterly updates, the next of which is scheduled for Oct.18.: http://www.oracle.com/technetwork/topics/security/alerts-086861.html

(PCW)

[jheysen]

Has McAfee said anything about ePO being compromised too?

[Samker]

Has McAfee said anything about ePO being compromised too?

I can't find anything... so probably everything is Ok.