Oracle Applications vulnerable to Web attack

Ingrid Marson, ZDNet.co.uk

Published: 10 Jun 2004 14:25 BST

Oracle Corporation has announced a security flaw in Oracle Applications 11i that allows an attacker to carry out database functions through a company's Web site.

The flaw, which is categorised at the highest severity level, can be exploited with little specialised knowledge and has no work-around, according to the security alert sent out by Oracle. Oracle says the patch should be applied immediately.

The flaw, discovered by security firm Integrigy Corporation, is known as an SQL Injection vulnerability. It allows an attacker to manipulate the database by putting SQL code into Web page input fields. Customers with Internet-facing application servers are most vulnerable because they can be attacked remotely by anyone who has a browser.

Oracle Applications, also called Oracle E-Business Suite, is a set of applications and modules that enables an organisation to carry out various business functions, including financial management, human resources and inventory management, using a single database model.

Oracle Applications 11.5.1 to 11.5.8 are affected, as are all releases of Oracle Applications 11.0. Releases 11.5.9 and later are not affected. Oracle has provided a patch for the security alert.

Oracle UK declined to comment on this security flaw and was unable to provide figures for the current number of users of Oracle Applications in the UK.
