We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,108 News Articles

Oracle: Security flaw could bring down app servers

The fix comes outside Oracle's usual patch release schedule

Oracle has issued an emergency patch to fix a vulnerability it says could bring down HTTP application servers it sells that are based on Apache 2.0 or 2.2.

Attackers can exploit the weakness remotely without a username or password, Oracle said in a security alert issued Thursday.

Products impacted by the bug include Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0 and 11.1.1.5.0; Oracle Application Server 10g Release 3, version 10.1.3.5.0; and Oracle Application Server 10g Release 2, version 10.1.2.3.0.

The U.S. Government's National Vulnerability Database has assigned a CVSS (Common Vulnerability Scoring System) rating of 7.8, "indicating a complete Operating System denial of service," Oracle said.

But Oracle took issue with that assessment in its security alert.

"A complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle HTTP Server but not the Operating System," it stated.

In any event, the bug is serious enough for Oracle to issue the patch outside of its usual large quarterly updates, the next of which is scheduled for Oct. 18.

Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris's e-mail address is Chris_Kanaracus@idg.com


IDG UK Sites

Windows 9 release date, price, features: Microsoft teases new OS ahead of 30 September unveiling

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

September 2014 creative trends: 5 things you must see

IDG UK Sites

What to expect from Apple in autumn/winter 2014: iPhone 6, iPhone Air, iWatch, iPad 6, new Apple...