Oracle Issues High Risk SSL Security Alert
8th December, 2003
Oracle has issued an alert (PDF) detailing high risk security holes affecting all SSL products in the Oracle9i Application Server, the Oracle9i and Oracle8i Database Servers, and Oracle HTTP Server. "Any client that is able to access the server may exploit the vulnerabilities," the company said in its alert.
The patches address security issues in OpenSSL that were outlined on our site last month, and originally published by NISCC on Sept. 30. Fixes for these problems are available in the latest versions of OpenSSL (0.9.6k and 0.9.7c).
OpenSSL is an open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a general purpose cryptography library.
Topically, the host involved in today's fraud attack on National Westminster was, according to the published Apache module line, running a vulnerable version of OpenSSL.
Posted by Rich Miller in Security