InformationWeek - Oracle Patches E-Business Security Flaws Ahead Of Schedule

The patch was brought to light through a report issued by Integrigy Corp., a provider of application security software for Oracle products, one day after Oracle announced the problem. "There exist a number of high-risk security vulnerabilities in the Oracle Diagnostics Web pages and Java classes," the Integrigy report says. "The most significant issue with the Oracle Diagnostics is that some of the diagnostics can be executed without any authentication and it is possible to configure the diagnostics to be unrestricted." The patch also fixes several permission issues and SQL injection vulnerabilities.

The link address is: http://www.informationweek.com/news/showArticle.jhtml?articleID=181401258