Skip to content

Biting the hand that feeds IT

The Register ®

Security:


[Print][Mobile][Alerts]

Oracle e-biz suite needs patching

Get to it, sharpish

Published Friday 11th June 2004 15:38 GMT

Users of Oracle e-business suite applications must patch systems following the discovery of multiple vulnerabilities. Unpatched Oracle E-Business Suite 11i and Oracle Applications 11.0 packages are subject to Multiple SQL injection flaws that could be used to manipulate database entries, Oracle warns.

In the hands of knowledgeable crackers, these vulnerabilities could be remotely exploited simply by using a browser and sending a specially-crafted URL to the web server. Oracle E-Business Suite 11i, 11.5.1 up to 11.5.8 are affected. Users of 11.5.9 and above are safe. All versions of Oracle Applications 11.0 are vulnerable.

There's no interim workaround, so users are strongly advised to apply Oracle's patch. The "critical" flaws were discovered by researchers at security tools firm Integrigy, which specialises in developing intrusion prevention software for Oracle applications. Oracle shops with Internet-facing application servers are particularly at risk, it says.

Oracle’s advisory is here (PDF). ®

Related stories

Oracle discounts revealed in court
Oracle slashes PeopleSoft offer
Oracle 9i Database, Ap Server bust six ways to Sunday
How to hack unbreakable Oracle servers

Track this type of story as a custom Atom/RSS feed or by email.
Previous Article Next Article
whitepaper title

Solution Brief: Reduce Energy Costs

Energy consumption has become a big issue. Dramatically increase server utilization and significantly reduce energy costs through Virtualization..
whitepaper title

Search Engine Link Spam

Spammers are constantly finding new, creative ways to attack your network. Learn how search engine links are the latest weapon of choice.
Whitepapers Jobs

Top 20 storiesAll The Week’s HeadlinesArchiveSearch