Oracle e-biz suite needs patching | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

Solution Brief: Reduce Energy Costs
With Green IT Solutions
Search Engine Link Spam
Risks, Threats, Solution
Gartner Paper: US Data Centers - The Calm Before the Storm
How to handle future energy demands
Enforce Your Email and Web Acceptable Usage Policies
Not Just Words
Gartner Report: How IT Management Can "Green" the Data Center
Establishing energy efficiency
Eliminating the Security Risk of Sending Confidential Information by Email
Email Encryption

The Register » Security » Enterprise Security »

Oracle e-biz suite needs patching

Get to it, sharpish

By John Leyden → More by this author

Published Friday 11th June 2004 15:38 GMT

Users of Oracle e-business suite applications must patch systems following the discovery of multiple vulnerabilities. Unpatched Oracle E-Business Suite 11i and Oracle Applications 11.0 packages are subject to Multiple SQL injection flaws that could be used to manipulate database entries, Oracle warns.

In the hands of knowledgeable crackers, these vulnerabilities could be remotely exploited simply by using a browser and sending a specially-crafted URL to the web server. Oracle E-Business Suite 11i, 11.5.1 up to 11.5.8 are affected. Users of 11.5.9 and above are safe. All versions of Oracle Applications 11.0 are vulnerable.

There's no interim workaround, so users are strongly advised to apply Oracle's patch. The "critical" flaws were discovered by researchers at security tools firm Integrigy, which specialises in developing intrusion prevention software for Oracle applications. Oracle shops with Internet-facing application servers are particularly at risk, it says.

Oracle’s advisory is here (PDF). ®

Related stories

Oracle discounts revealed in court
Oracle slashes PeopleSoft offer
Oracle 9i Database, Ap Server bust six ways to Sunday
How to hack unbreakable Oracle servers

Email Encryption report: Eliminating the Security Risk of Sending Confidential Information by Email

Track this type of story as a custom Atom/RSS feed or by email.

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..

whitepaper title

Search Engine Link Spam

Spammers are constantly finding new, creative ways to attack your network. Learn how search engine links are the latest weapon of choice.

Whitepapers	Jobs
Power and Cooling Capacity Management for Data Centers [WP150] Why Green Security Makes Good Business Sense Strategies for Deploying Blade Servers in Existing Data Centers [WP125] Ten Errors to Avoid When Commissioning a Data Center [WP149]	eCommerce Developer - Full Time * Telecommute * Perl programmer: Challenging projects, brilliant coworkers mod-Perl Developer Operations Support - Telecom ASP Object Oriented Perl Programmer

Top 20 stories • All The Week’s Headlines • Archive • Search