[VIM] Oracle CPU Jan 2009 Advisories. (fwd)
security curmudgeon
jericho at attrition.org
Fri Jan 16 00:40:11 UTC 2009
Per the researcher, two of his three advisories do not correspond to the
recent CPU:
---------- Forwarded message ----------
From: Alexandr Polyakov
To: security curmudgeon <jericho at attrition.org>
Date: Thu, 15 Jan 2009 18:50:45 +0300
Subject: Re[2]: Oracle CPU Jan 2009 Advisories.
> Hi Alexandr,
> : Advisories for Oracle CPU January 2009 vulnerabilities Attached.
> DSECRG-09-002__Oracle_BEA_Weblogic_10_Linked__SS_vulnerability.txt
> DSECRG-09-003__Oracle_Database_11g__EXFSYS_plsql_injection_vulnerability.txt
> Do you know which CVE these correspond with?
These advisories are under the Security-In-Depth program and they will be
fixed in future releases, but are not so critical as to make a patch in this CPU.
Oracle says: "I would like to clarify that the bug has been fixed in the
future release of WLS. We do not plan to include this fix in a CPU as the
issue reported was a problem in a sample application and we do not believe
that presents a vulnerability for production applications."
So Oracle said that we can disclose these advisories now.
Polyakov Alexandr
Information Security Analyst