http://www.computerworld.com/article/2872694/oracle-to-fix-167-vulnerabilities-including-a-backdoor-like-flaw-in-its-e-business-suite.html
By Lucian Constantin
IDG News Service
Jan 20, 2015
Oracle's monster batch of security updates expected Tuesday will include a
fix for a serious misconfiguration issue in its E-Business Suite product
that can give hackers access to databases full of sensitive business
records.
Renowned database security expert David Litchfield discovered the issue
last year on a client's system and at first he thought it was a backdoor
left behind by an attacker.
"On investigation, it turns out the 'backdoor' is part of a seeded
installation!" he said Monday on Twitter. "I was flabbergasted. Still am."
In a pre-announcement about its quarterly Critical Patch Update expected
today, Oracle said that 10 vulnerabilities will be fixed in E-Business
Suite, six of which can be exploited remotely without authentication.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
