Red-Database-Security GmbH is specialized in Oracle Security
Oracle CPU July 2005 - Silently fixed bugs - V1.02

After reading all the documentation and some tests with the CPU July 2005 I found out that Oracle fixed some security bugs silently without mentioning these bugs in their current risk matrix. Detailed information about most of these bugs is not available via Metalink but in many cases the description is sufficient for a malicious attacker (e.g. "/DAV_PUBLIC IS NOT PROTECTED BY DEFAULT ENABLING MALITIOUS USER TO FILL IT UP").

For OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
3396862 - MOD_OSSO DOES NOT EXPIRE PARTNER APPLICATION COOKIES

For Mod_Oradav 9.0.2.3:
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

For Webcache 9.0.2.3:
2972458 - WEBCACHE SERVES DOCUMENTS AT 40 BIT ENCRYPTION WHEN 128 SPECIFIED IN OHS

For OHS 9.0.3.1:
3164583 - INACTIVITY TIMEOUT CAN BE BYPASSED USING BROWSER BACK BUTTON
2701804 - OHS HANGS: NO BUFFER SPACE AVAILABLE: ACCEPT: (CLIENT SOCKET)
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST

For DB 9.0.1.4 or DB 9.0.1.5:
3889519 - UPLOAD IN SSL DOES NOT WORK WITH IE AFTER SECALERT 68 OR DB PATCH 9015

DB 9.0.1.5Fips Patch 4 : 4340015
4067484 SSO SERVER XSS CHECK

DB 9.0.1.5Fips Patch 2 : 4210722
2605435 : MEMORY LEAK WHEN EXECUTING A QUERY THROUGH TAF CONNECTION
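The comparison described above can be scripted so every patch README is checked the same way. The following is an added example, not code from Red-Database-Security or Oracle: it parses the "number - title" README layout excerpted on this page and lists bug numbers missing from a reviewer-supplied set. The names parse_readmes, not_in_advisory and documented are hypothetical.

```python
import re
from collections import defaultdict

# Sample assembled from README lines quoted on this page (shortened).
SAMPLE = """\
###########################################
README for 4393850
For OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
3396862 - MOD_OSSO DOES NOT EXPIRE PARTNER APPLICATION COOKIES
For Webcache 9.0.2.3
2972458 - WEBCACHE SERVES DOCUMENTS AT 40 BIT ENCRYPTION WHEN 128 SPECIFIED IN OHS
###########################################
README for 4437086
OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
"""

README_RE = re.compile(r"^README for (\d+)$")
COMPONENT_RE = re.compile(r"^(?:For )?([A-Za-z_]+ [\d.]+\w*(?: or [A-Za-z_]+ [\d.]+\w*)?)\s*:?$")
BUG_RE = re.compile(r"^(\d+) - (.+)$")  # only the "number - title" layout is parsed

def parse_readmes(text):
    """Map bug number -> title, plus the READMEs and components that list it."""
    bugs = defaultdict(lambda: {"title": "", "readmes": set(), "components": set()})
    readme = component = "unknown"
    for line in filter(None, map(str.strip, text.splitlines())):
        if set(line) == {"#"}:
            # Separator: a block without a "README for" header stays "unknown".
            readme = component = "unknown"
        elif m := README_RE.match(line):
            readme = m.group(1)
        elif m := COMPONENT_RE.match(line):
            component = m.group(1)
        elif m := BUG_RE.match(line):
            entry = bugs[m.group(1)]
            entry["title"] = m.group(2)
            entry["readmes"].add(readme)
            entry["components"].add(component)
    return dict(bugs)

def not_in_advisory(bugs, documented):
    """Bug numbers fixed per the READMEs but absent from the reviewer's list."""
    return sorted(set(bugs) - set(documented))

if __name__ == "__main__":
    parsed = parse_readmes(SAMPLE)
    # 'documented' is a hypothetical reviewer-supplied set; it is empty here.
    for bug in not_in_advisory(parsed, documented=set()):
        print(bug, sorted(parsed[bug]["readmes"]), parsed[bug]["title"])
```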
Excerpt from the Patch README Files

###########################################
README for 4393850
Patch Details
Oracle Critical Patch Update July 2005
Release Notes for Oracle Application Server Version 9.0.2.3

For OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
3396862 - MOD_OSSO DOES NOT EXPIRE PARTNER APPLICATION COOKIES

For Mod_Oradav 9.0.2.3:
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

For Webcache 9.0.2.3
2972458 - WEBCACHE SERVES DOCUMENTS AT 40 BIT ENCRYPTION WHEN 128 SPECIFIED IN OHS

###########################################
README for 4437086
Patch Details
Oracle Critical Patch Update July 2005
Release Notes for Oracle Database Server Version 9.0.1.5 Patch 7

OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
3396862 - MOD_OSSO DOES NOT EXPIRE PARTNER APPLICATION COOKIES

For Mod_Oradav 9.0.2.3:
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

For Webcache 9.0.2.3
2972458 - WEBCACHE SERVES DOCUMENTS AT 40 BIT ENCRYPTION WHEN 128 SPECIFIED IN OHS

###########################################
README for 4392477
Patch Details
Oracle Critical Patch Update July 2005
Release Notes for Oracle Database Server Version 9.0.1.5

OHS 9.0.2.3:
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST
3396862 - MOD_OSSO DOES NOT EXPIRE PARTNER APPLICATION COOKIES

For Mod_Oradav 9.0.2.3:
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

For Webcache 9.0.2.3
2972458 - WEBCACHE SERVES DOCUMENTS AT 40 BIT ENCRYPTION WHEN 128 SPECIFIED IN OHS

###########################################
For OHS 9.0.3.1:
3164583 - INACTIVITY TIMEOUT CAN BE BYPASSED USING BROWSER BACK BUTTON
2701804 - OHS HANGS: NO BUFFER SPACE AVAILABLE: ACCEPT: (CLIENT SOCKET)
3174425 - OHS CRASHES WITH A SPECIFIC REQUEST

For Mod_Oradav 9.0.3.1
2544464 - ORAALTPASSWORD SHOULD BE ENCRYPTED AND NOT JUST OBFUSCATED

For DB 9.0.1.4 or DB 9.0.1.5
3889519 - UPLOAD IN SSL DOES NOT WORK WITH IE AFTER SECALERT 68 OR DB PATCH 9015

###########################################
README for 4393858
Patch Details
Oracle Critical Patch Update July 2005
Release Notes for Oracle Application Server Version 9.0.4.0

For DB 9.0.1.5FIPS:
3889519 - UPLOAD IN SSL DOES NOT WORK WITH IE AFTER SECALERT 68 OR DB PATCH 9015

###########################################
README for 4415825
Patch Details
Oracle Critical Patch Update July 2005
Release Notes for Oracle Database Server Version 9.0.1.5FIPS

For DB 9.0.1.5FIPS:
3889519 - UPLOAD IN SSL DOES NOT WORK WITH IE AFTER SECALERT 68 OR DB PATCH 9015

###########################################
README for 4437081
Patch Details
Oracle Critical Patch Update July 2005
Release Notes for Oracle Database Server Version 9.0.1.5FIPS Patch 5

DB 9.0.1.5Fips Patch 4 : 4340015
4067484 SSO SERVER XSS CHECK

DB 9.0.1.5Fips Patch 2 : 4210722
2605435 : MEMORY LEAK WHEN EXECUTING A QUERY THROUGH TAF CONNECTION

###########################################

© 2005 by Red-Database-Security GmbH - last update 03-nov-2005
Oracle Patch Policy
More information available on Oracle OTN: Security Vulnerability Fixing Policy and Process