Network Computing is part of the Informa Tech Division of Informa PLC

Oracle Fixes SQL Vulnerabilities

Oracle has posted patches for its E-Business Suite and Applications 11.0 software to fix multiple, critical SQL vulnerabilities.

The vulnerabilities, which were first disclosed last week by Stephen Kost of security firm Integrigy, affect Oracle Applications 11.0 and 11i, as well as E-Business Suite versions 11.5.1 through 11.5.8, on all platforms.

On Tuesday, the U.S. Computer Emergency Response Team (US-CERT), part of the Department of Homeland Security, also chimed in with its own alert on the problem.

Oracle rated the risk as high, "as any user with browser access and specialized knowledge can exploit these vulnerabilities," the company said in an advisory posted last week.

The SQL vulnerability allows attackers to hijack a database or application, or execute SQL statements, by inserting SQL code fragments into the input fields of a Web page. Users with Internet-facing application servers are most at risk, according to Integrigy.
