Oracle Critical Patch Update for April 2014
Oracle released its quarterly Critical Patch Update (CPU) yesterday [1]. As usual, the number of patches is quite intimidating. But remember, these 104 fixes apply across the entire Oracle product range.
Some of the highlights:
CVE-2014-2406: A bug in Oracle's Database that allows a remotely authenticated user to gain control over the database.
37 new patches for Java SE, 35 of which allow remote execution as the user running the Java Applet (according to Oracle: "The CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows)").
4 of the Java vulnerabilities have a base CVSS score of 10, indicating not only full remote code execution but also easy exploitability.
[1] http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute