Members
  • Total Members: 12814
  • Latest: Rono
Stats
  • Total Posts: 28518
  • Total Topics: 8240
  • Online Today: 1026
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Oracle Warns: Download emergency patch for Apache servers 2.0 & 2.2  (Read 1432 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Oracle has issued an emergency patch to fix a vulnerability it says could bring down HTTP application servers it sells that are based on Apache 2.0 or 2.2.

Attackers can exploit the weakness remotely without a username or password, Oracle said in a security alert issued Thursday: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html

Products impacted by the bug include Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0 and 11.1.1.5.0; Oracle Application Server 10g Release 3, version 10.1.3.5.0; and Oracle Application Server 10g Release 2, version 10.1.2.3.0.

The U.S. Government's National Vulnerability Database has assigned a CVSS (Common Vulnerability Scoring System) rating of 7.8, "indicating a complete Operating System denial of service," Oracle said.

But Oracle took issue with that assessment in its security alert.

"A complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle HTTP Server but not the Operating System," it stated.

In any event, the bug is serious enough for Oracle to issue the patch outside of its usual large quarterly updates, the next of which is scheduled for Oct.18.: http://www.oracle.com/technetwork/topics/security/alerts-086861.html

(PCW)

Samker's Computer Forum - SCforum.info





jheysen

  • SCF Global Moderator
  • *****
  • Posts: 754
  • KARMA: 100
  • Gender: Male
Re: Oracle Warns: Download emergency patch for Apache servers 2.0 & 2.2
« Reply #1 on: 16. September 2011., 16:19:07 »
Has McAfee said anything about ePO being compromised too?

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Oracle Warns: Download emergency patch for Apache servers 2.0 & 2.2
« Reply #2 on: 16. September 2011., 17:57:13 »
Has McAfee said anything about ePO being compromised too?

I can't find anything... so probably everything is Ok. ;)


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising