Oracle Vulnerability

Oracle July 2021 Critical Patch Update for All Product Families

August 2, 2021

Overview

On July 21, 2021, NSFOCUS detected that Oracle released the July 2021 Critical Patch Update (CPU), which fixed 342 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, and Oracle Communications. Oracle strongly recommends that users fix these […]

Oracle January 2021 Critical Patch Update for All Product Families

January 24, 2021

Overview

On January 20, 2021, NSFOCUS detected that Oracle released the January 2021 Critical Patch Update (CPU), which fixed 329 vulnerabilities of varying risk levels. This CPU involves multiple commonly used products, such as Oracle WebLogic Server, Oracle Database Server, Oracle Java SE, Oracle Fusion Middleware, Oracle MySQL, Oracle Enterprise Manager, and Oracle Systems. Oracle strongly recommends users fix these vulnerabilities by applying Critical Patch Update patches as soon as possible.


Oracle October 2020 Critical Patch Update for All Product Families Threat Alert

October 31, 2020

Overview

On October 20, 2020, local time, Oracle released its Critical Patch Update (CPU) for October 2020, its own security advisories, and third-party security bulletins, which fix 402 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix.

For complete information, see Oracle’s official security advisory at the following link:

https://www.oracle.com/security-alerts/cpuoct2020.html

Oracle July 2020 Critical Patch Update for All Product Families Threat Alert

July 31, 2020

Overview

On July 14, 2020, local time, Oracle released its July 2020 Critical Patch Update (CPU), its own security advisories, and third-party security bulletins, which fix 443 vulnerabilities of varying severity levels. For details about affected products and available patches, see the appendix.


Oracle October 2019 Critical Patch Update for All Product Families Threat Alert

October 21, 2019

Overview

On October 15, 2019, local time, Oracle released its own security advisory and third-party security advisories for its October 2019 Critical Patch Update (CPU), which fixes 240 vulnerabilities of varying severity levels across the product families. For details about affected products and available patches, see the appendix.

Oracle WebLogic Remote Code Execution Vulnerability (CVE-2019-2725) Patch Bypass Threat Alert

June 18, 2019

Overview

Recently, the NSFOCUS security team found that an Oracle WebLogic vulnerability is being exploited in the wild. Its attack signature is similar to that of the CVE-2019-2725 vulnerability, and the attack can bypass the latest security patch released by Oracle in April. The vulnerability exists because no proper sanitization is performed when deserialized information is handled. By sending a crafted malicious HTTP request, attackers could exploit this vulnerability to gain server privileges and remotely execute arbitrary code in an unauthorized manner.


Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert

May 3, 2019

1 Vulnerability Overview

On April 17, the China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. Specifically, this vulnerability exists in the wls9_async_response.war component that comes with Oracle WebLogic Server, as this component fails to properly deserialize the input information. An unauthorized attacker could exploit this vulnerability to gain server privileges for remote code execution by sending a carefully crafted malicious HTTP request.