The Critical Patch Update will address 144 flaws in hundreds of Oracle products, 36 of which apply to vulnerabilities in Java SE, including 34 that are bugs that can be exploited remotely by an attacker without requiring authentication.
Oracle will issue its first patch update of 2014 on Tuesday and it just so happens that it'll be one of its biggest ever that includes a slew of security patches, many of which address vulnerabilities in Java.
The Fusion Middleware patch contains 22 fixes and 19 of those vulnerabilities are remotely exploitable without authentication, while the MySQL patch addresses 18 issues, only three of which are remotely exploitable without authentication.
The PeopleSoft Products patch contains 17 fixes, 10 of which may be remotely exploitable without authentication, and the Supply Chain Products Suite patch contains 16 fixes, of which six of those vulnerabilities are remotely exploitable without authentication.
Five of the security fixes will apply to Oracle Database Server. One of these vulnerabilities might be remotely exploitable without authentication, meaning it could be exploited over a network without the need for a username and password.
The highest CVSS 2.0 Base Score for vulnerabilities in Oracle's Critical Patch Update is 10.0 for Java SE, Java SE Embedded, and JRockit of Oracle Java SE, MySQL Enterprise Monitor of Oracle MySQL, Oracle FLEXCUBE Private Banking of Oracle Financial Services Software and Oracle WebCenter Sites of Oracle Fusion Middleware.
Security firm Qualys' CTO Wolfgang Kandek warned that plug-ins like Java are one of the main threat vectors as more companies are being infected through web based attacks.
Oracle puts out patches every quarter and the next round of updates are scheduled for release on April 15, July 15, Oct. 14 and Jan. 20, 2015.
Oracle will issue its first patch update of 2014 on Tuesday and it just so happens that it'll be one of its biggest ever that includes a slew of security patches, many of which address vulnerabilities in Java.
The Fusion Middleware patch contains 22 fixes and 19 of those vulnerabilities are remotely exploitable without authentication, while the MySQL patch addresses 18 issues, only three of which are remotely exploitable without authentication.
The PeopleSoft Products patch contains 17 fixes, 10 of which may be remotely exploitable without authentication, and the Supply Chain Products Suite patch contains 16 fixes, of which six of those vulnerabilities are remotely exploitable without authentication.
Five of the security fixes will apply to Oracle Database Server. One of these vulnerabilities might be remotely exploitable without authentication, meaning it could be exploited over a network without the need for a username and password.
The highest CVSS 2.0 Base Score for vulnerabilities in Oracle's Critical Patch Update is 10.0 for Java SE, Java SE Embedded, and JRockit of Oracle Java SE, MySQL Enterprise Monitor of Oracle MySQL, Oracle FLEXCUBE Private Banking of Oracle Financial Services Software and Oracle WebCenter Sites of Oracle Fusion Middleware.
Security firm Qualys' CTO Wolfgang Kandek warned that plug-ins like Java are one of the main threat vectors as more companies are being infected through web based attacks.
Oracle puts out patches every quarter and the next round of updates are scheduled for release on April 15, July 15, Oct. 14 and Jan. 20, 2015.
No comments:
Post a Comment