dcsimg

Oracle Scrambles to Contain 0-Day Disclosure Snafu

Oracle hasn't patched a security vulnerability in its database although it has known about it for four years.

WEBINAR:
On-Demand

How to Help Your Business Become an AI Early Adopter


ZDNet: Four years ago, security researcher Joxean Koret notified Oracle about a security vulnerability in its database software. Koret thought that Oracle patched the problem in its latest security release, so he published the details about the vulnerability that he had found and encouraged users to apply the patch.

The only problem--Oracle hadn't actually fixed the bug.

As a result, hackers now know details about a vulnerability which, according to Oracle, "is remotely exploitable without authentication, and if successfully exploited, can result in a full compromise of the targeted Database." Oracle still doesn't have a patch for the vulnerability, but it has published a workaround, which enterprises are encouraged to use to maintain the security of their Oracle databases.




Tags: database, Oracle, security vulnerability


0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 

IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.





×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.