Oracle Database Server Remote Vulnerabilities (CVE-2014-6514)
Release date:
Updated on:
Affected Systems:
Oracle database server 11
Description:
Bugtraq id: 72166
CVE (CAN) ID: CVE-2014-6514
Oracle Database Server is an object-1 relational Database management system. It provides open, comprehensive, and integrated information management methods.
Oracle Database Server has a remote security vulnerability in the implementation of PL/SQL components, which can be exploited through the Oracle Net protocol, authenticated remote attackers can exploit this vulnerability to affect the confidentiality of affected components. Versions affected by this vulnerability include 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2. To exploit this vulnerability, you need to create a session.
<* Source: Oracle
Link: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
*>
Suggestion:
Vendor patch:
Oracle
------
Oracle has released a Security Bulletin (cpujan2015-1972971) and patches for this:
Cpujan2015-1972971: Oracle Critical Patch Update Advisory-January 2015
Link: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
This article permanently updates the link address: