« 数据恢复:ORA-600 kccpb_sanity_check_2解决 | Blog首页 | 花开时节 北京10年 »
Oracle Security Alert for CVE-2011-5035 OC4J
作者:eygle | 【转载请注出处】|【云和恩墨 领先的zData数据库一体机 | zCloud PaaS云管平台 | SQM SQL审核平台 | ZDBM 数据库备份一体机】
链接:https://www.eygle.com/archives/2012/03/oracle_security_CVE-2011-5035.html
今早收到Oracle的安全警告邮件,对CVE-2011-5035进行更新链接:https://www.eygle.com/archives/2012/03/oracle_security_CVE-2011-5035.html
此前于2012年1月31日发布的CVE-2011-5035安全补丁,由于又爆出安全漏洞,所以再次更新,发出安全警告。
邮件内容如下:
Dear Oracle Customer,该安全漏洞影响包含了OC4J的产品,包括Oracle Audit Vault,Database,OEM,OIM等产品:
Oracle Security Alert for CVE-2011-5035 that was originally released on Tuesday, January 31, 2012 has been updated to announce additional products that are impacted by this vulnerability through their use of affected components.
Oracle strongly recommends applying Security Alert fixes as soon as possible.
The Security Alert Advisory is the starting point for relevant information. It includes the list of affected products, a summary of the security vulnerability, and a pointer to obtain the latest patches.
Also, it is essential to review the Security Alert supporting documentation referenced in the Advisory before applying patches, as this is where you can find important pertinent information.
The Advisory is available at the following location:
Oracle Critical Patch Updates and Security Alerts:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Updated Oracle Security Alert CVE-2011-5035:
http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html
Thank you,
Customer Support of Oracle Corporation
Products such as Oracle Audit Vault, Oracle Database, Oracle Enterprise Manager Grid Control and Oracle Identity Management include Oracle Containers for J2EE (OC4J). OC4J is affected by CVE-2011-5035, so security patches need to be applied to OC4J instances in these products
这个安全漏洞会导致不需要用户名和密码的访问攻击,通过网络攻击者可以对Weblogic和OAS等产品进行侵入,由于HASH碰撞导致的安全风险可能使用户遭受安全风险。
This security alert addresses the security issue CVE-2011-5035, a denial of service vulnerability in Oracle WebLogic Server, Oracle Application Server (component: Oracle Container for J2EE/OC4J) and Oracle iPlanet Web Server due to hashing collisions. This vulnerability may be remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to affect the system availability.
Oracle强烈推荐用户应用这个安全修正。
历史上的今天...
>> 2019-03-30文章:
>> 2017-03-30文章:
>> 2011-03-30文章:
>> 2009-03-30文章:
>> 2008-03-30文章:
>> 2006-03-30文章:
>> 2005-03-30文章:
By eygle on 2012-03-30 12:05 | Comments (0) | Advanced | 2987 |