Oracle Ups Status On SSL Vulnerability Alert
Oracle issued a high severity security alert warning, of Secure Sockets Layer (SSL) vulnerabilities, that will require users to immediately apply patch fixes to systems at risk.
Oracle released a detailed security alert on Thursday. The cautionary note addresses SSL vulnerabilities detailed in CERT Advisory CA-2003-26, and SSL vulnerabilities detailed in several older Common Vulnerabilities and Exposures (CVE) Candidates.
The company justified the alert upgrade, citing the fact that a number of its server products could be tampered with, by exploiting vulnerabilities via the OpenSSL protocol.
According to Oracle, the risk to exposure is high. Any client that is able to access the server may exploit the vulnerabilities, and the flaws could potentially open the door for a remote hacker to launch a denial-of-service (DoS) attack, execute malicious code, and gain access privileges.
This vulnerability affects all products that use SSL and accept client certificates in the Oracle9i Application Server, the Oracle9i Database Server, and the Oracle8i Database Server
OpenSSL is an open source deployment of the SSL and Transport Layer Security (TLS) protocols. The protocols offer encryption, authentication, and other security measures to HTTP and other network applications.
To minimize risk, Oracle recommended that users apply patches since no workarounds exist that fully address the potential security vulnerabilities. Patches for the security vulnerabilities are available on Oracle’s support Web site, MetaLink.
- 70% Indian Firms To Deploy AI By 2020: Intel
- Why Cloud Adopters Need Visibility Into Their Network
- Cyber Security Jobs At Premium As India Goes Digital
- Trends In Information Management: An India Perspective
- Cyber Security Predictions For 2018
- SpiderOak CEO Warns Of 10 Cybersecurity Threats For 2018
- Uber Data Breach: Accountability, Corporate Ethics In Question
- Customer-Facing Web, Mobile Apps Pose Highest Security Risk: Study
- 70% Consumers Stop Following A Business After Data Breach: Study
- CISOs, Beware Of Crime-as-a-Service, IoT Threats In 2018