By Brian Prince

Oracle released fixes for a total of 41 bugs in its April Critical Patch
Update, including a serious vulnerability affecting Oracle Application

The CPU, Oracle's second of the year, includes 17 fixes for Oracle
Database products, 11 for the Oracle E-Business Suite, six for the
Oracle Siebel Enterprise Suite, three for Oracle Application Server,
three for the PeopleSoft-JD Edwards Suite and one for Oracle Enterprise

The most serious of the vulnerabilities affects Oracle Application
Server, specifically Oracle Jinitiator, and has a CVSS (Common
Vulnerability Scoring System) rating of 9.3. Jinitiator allows a
Web-enabled Oracle Forms client application to run within a browser.
According to the company's advisory, the vulnerability applies only to
the client portion of Application Server.

"The impact of this vulnerability is limited to Jinitiator; there is no
Oracle Application Server impact," company officials stated in the
advisory. "Oracle Jinitiator Versions 220.127.116.11 and later are not

All three of the vulnerabilities affecting Application Server can be
exploited remotely without authentication. Seven of the 11
vulnerabilities affecting Oracle E-Business Suite can be exploited
remotely without a user name or password.

January's CPU featured 26 security fixes for Oracle products. The next
CPU is slated to be released July 15.