Application Security, Inc. to Support July Oracle Critical Patch Update for the Oracle Database
Team SHATTER, AppSec's Leading Global Database Security Researchers, Determines CVE-2010-0902 as Most Dangerous Vulnerability in CPU.
(1888PressRelease) July 20, 2010 - NEW YORK - Application Security, Inc. (AppSec), the leading provider of database security, risk and compliance solutions (SRC) for the enterprise, today announced that it will support Oracle's July 2010 CPU (critical patch update) for the Oracle database.
The latest CPU contains 59 security vulnerability fixes across multiple Oracle products, 13 of which are specific to the Oracle database. Out of the 13 Oracle database server vulnerabilities, two have been assigned a CVSS (Common Vulnerability Scoring System) score of 7.8 out of 10 and another vulnerability scored at 6.0. In addition, four of the database vulnerabilities may be remotely exploitable without authentication. AppSec implements support for every CPU, ensuring the highest level of protection and performance for Oracle database users.
With every Oracle CPU, AppSec updates its market-leading solutions, AppDetectivePro for auditors and IT advisors and DbProtect for the enterprise, with the appropriate scanning checks and monitoring filters through its monthly ASAP Update™ (Application Security Automatic Protection) process. DbProtect updates will include monitoring filters for the new security vulnerabilities, enabling customers to protect sensitive information during the deployment of new patches across their database infrastructure.
AppSec's Team SHATTER has been providing its customers and database vendors with the most up-to-date database vulnerability information to ensure the security of information stored in databases.
In this CPU, Esteban Martinez Fayo of Team SHATTER was credited with identifying two database vulnerabilities: CVE-2010-0903 and CVE-2010-2373.
"AppSec is committed to providing Oracle customers with the most relevant and up-to-date vulnerability checks and protection," said Alex Rothacker, Manager, Team SHATTER, AppSec. "The Team SHATTER knowledgebase is the largest and most up-to-date database vulnerability offering of its kind. By identifying and remediating critical database vulnerabilities we can ensure our customers' data is safe from internal and external threats."
AppSec's Team SHATTER has identified the following vulnerabilities as high risk:
• CVE-2010-0902 allows any user with the minimal CREATE SESSION privilege to compromise the confidentiality, integrity and availability of the DBMS. Although this is rated with a CVSS score of only 6.0, AppSec's Team SHATTER has determined it to be the most dangerous vulnerability in this CPU.
• CVE-2010-0911 and CVE-2010-0903 allow anyone to exploit a database without requiring login credentials. These vulnerabilities allow attackers to carry out denial of service (DoS) attacks against the database, making it unavailable to enabled users.
According to Team SHATTER's Alex Rothacker, "Although CVE-2010-0902 is rated by Oracle with a CVSS score of 6.0, this is the most severe vulnerability included in this CPU and should be patched immediately. The vulnerability allows full takeover of the database management system (DBMS) and possibly the server. In certain cases the CVSS ratings for vulnerabilities do not adequately reflect the threat to critical databases."
About Application Security, Inc.
AppSec is the leading provider of database security, risk and compliance (SRC) solutions for the enterprise. AppSec's agentless approach - AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise - delivers the industry's most scalable database SRC solution and is in use around the world in the most demanding environments by over 2,000 customers. The company was named to Inc. Magazine's 2007 (Inc. 500) and 2008 list of America's Fastest Growing Private Companies, and was also named to the 2008 Deloitte Technology Fast 50 by Deloitte & Touche.
For a free database vulnerability assessment visit http://www.appsecinc.com/downloads/appdetectivepro/
For more information, please visit www.appsecinc.com.
DbProtect and AppDetectivePro are trademarks of Application Security, Inc. All other product names, service marks, and trademarks mentioned herein are trademarks of their respective owners.