eygle.com   eygle.com
eygle.com eygle
eygle.com  
 

« 数据恢复:ORA-600 kccpb_sanity_check_2解决 | Blog首页 | 花开时节 北京10年 »

Oracle Security Alert for CVE-2011-5035 OC4J

今早收到Oracle的安全警告邮件,对CVE-2011-5035进行更新
此前于2012年1月31日发布的CVE-2011-5035安全补丁,由于又爆出安全漏洞,所以再次更新,发出安全警告。

邮件内容如下:
Dear Oracle Customer,

Oracle Security Alert for CVE-2011-5035 that was originally released on Tuesday, January 31, 2012 has been updated to announce additional products that are impacted by this vulnerability through their use of affected components.

Oracle strongly recommends applying Security Alert fixes as soon as possible.

The Security Alert Advisory is the starting point for relevant information. It includes the list of affected products, a summary of the security vulnerability, and a pointer to obtain the latest patches.

Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.

The Advisory is available at the following location:

Oracle Critical Patch Updates and Security Alerts:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Updated Oracle Security Alert CVE-2011-5035:
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html

Thank you,
Customer Support of Oracle Corporation
该安全漏洞影响包含了OC4J的产品,包括Oracle Audit Vault,Database,OEM,OIM等产品:
Products such as Oracle Audit Vault, Oracle Database, Oracle Enterprise Manager Grid Control and Oracle Identity Management include Oracle Containers for J2EE (OC4J). OC4J is affected by CVE-2011-5035, so security patches need to be applied to OC4J instances in these products

这个安全漏洞会导致不需要用户名和密码的访问攻击,通过网络攻击者可以对Weblogic和OAS等产品进行侵入,由于HASH碰撞导致的安全风险可能使用户遭受安全风险。

This security alert addresses the security issue CVE-2011-5035, a denial of service vulnerability in Oracle WebLogic Server, Oracle Application Server (component: Oracle Container for J2EE/OC4J) and Oracle iPlanet Web Server due to hashing collisions. This vulnerability may be remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to affect the system availability.


CVE-2011-5035.png

Oracle强烈推荐用户应用这个安全修正。



历史上的今天...
    >> 2017-03-30文章:
    >> 2011-03-30文章:
    >> 2009-03-30文章:
           关于ocssd进程的三言两语
    >> 2008-03-30文章:
           resize datafile 与 checkpoint
    >> 2006-03-30文章:
           广告: 招聘SQL SERVER DBA
    >> 2005-03-30文章:

无觅

By eygle on 2012-03-30 12:05 | Comments (0) | Advanced | 2987 |


CopyRight © 2004~2020 云和恩墨,成就未来!, All rights reserved.
数据恢复·紧急救援·性能优化 云和恩墨 24x7 热线电话:400-600-8755 业务咨询:010-59007017-7040 or 7037 业务合作: marketing@enmotech.com