Oracle Fixes CVE-2017-3622, 298 Security Flaws in April 2017 Advisory

Oracle has just released a patch addressing multiple vulnerabilities, 299 to be exact. This patch sets a new record, surpassing last July's patch of 276 flaws.

The company addressed 39 MySQL and 39 Oracle Retail flaws, 47 Financial Services flaws, and 8 Java bugs. Of the 299 vulnerabilities, more than 100 are deemed remotely exploitable.

299 Security Patches Issued by Oracle in April 2017 Advisory

The software company just released a security advisory documenting the 299 security flaws in most of its products, such as Oracle Database Server, Fusion Middleware, Enterprise Manager Base Platform, PeopleSoft Enterprise, and Java. However, most of the fixes are for Oracle Financial Services, Retail, Communications, and MySQL software. The flaws in these services could be exploited remotely via HTTP, which could lead to the complete hijacking of the vulnerable systems.

Related: Oracle Fixed 270 Security Flaws in Its Products

Oracle also fixed 25 instances of the infamous Apache Struts vulnerability, which could allow a remote attacker to take complete control of the server running Struts, as pointed out by Qualys. In addition, the Struts fix was applied to 19 instances of Oracle Financial Services Applications, together with WebCenter, WebLogic, Siebel, Oracle Communications, MySQL and Oracle Retail.

CVE-2017-3622 Also Fixed

CVE-2017-3622 is one of the flaws discovered in Solaris 10 and 11.3 via the Shadow Brokers dump. Not surprisingly, the patch is critical and, according to reports received by Oracle, the flaw has been successfully exploited in outdated software. Therefore, IT admins should hurry to patch vulnerable systems as soon as possible to avoid attacks.

The Java Fixes

As reported by Qualys, Java SE was patched with 8 security fixes, 7 of which could be exploited remotely without the need for authentication. AWT, JCE and other Java networking components were also affected and could have been exploited via FTP, SMTP and a number of other protocols.

Related: Serious Java Deserialization Vulnerability Discovered in 70 Libraries

In conclusion, this has been another huge set of patches in which Oracle issued 299 security fixes concerning all product families, addressing Apache Struts and patching an additional 162 flaws that could be exploited remotely.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
