Oracle has just released a patch addressing a large number of vulnerabilities, 299 to be precise. This patch sets a new record, surpassing last July's patch of 276 flaws.
The company addressed 39 MySQL and 39 Oracle Retail flaws, 47 Financial Services flaws, and 8 Java bugs. Of the 299 vulnerabilities, more than 100 are deemed remotely exploitable.
299 Security Patches Issued by Oracle in April 2017 Advisory
The software company just released a security advisory documenting the 299 security flaws in most of its products, such as Oracle Database Server, Fusion Middleware, Enterprise Manager Base platform, PeopleSoft Enterprise, and Java. However, most of the fixes are for Oracle Financial Services, Retail, Communications, and MySQL software. The flaws in these services could be exploited remotely via HTTP, which could lead to the complete hijacking of the vulnerable systems.
Related: Oracle Fixed 270 Security Flaws in Its Products
Oracle also fixed 25 instances of the infamous Apache Struts vulnerability, which could allow a remote attacker to take complete control of the server running Struts, as pointed out by Qualys. In addition, the Struts fix was applied to 19 instances of Oracle Financial Services Applications together with WebCenter, WebLogic, Siebel, Oracle Communications, MySQL and Oracle Retail.
CVE-2017-3622 Also Fixed
CVE-2017-3622 is one of the flaws discovered in Solaris 10 and 11.3 via the Shadow Brokers dump. Not surprisingly, the patch is critical, and according to reports received by Oracle the flaw has been successfully exploited in outdated software. Therefore, IT admins should hurry to patch vulnerable systems as soon as possible to avoid attacks.
The Java Fixes
As reported by Qualys, Java SE was patched with 8 security fixes, 7 of which could be exploited remotely without the need for authentication. AWT, JCE and other Java networking components were also affected and could have been exploited via FTP, SMTP and a number of other protocols.
In conclusion, this has been another huge set of patches where Oracle has issued 299 security fixes concerning all product families, addressing Apache Struts and patching an additional 162 flaws that could be exploited remotely.