Security Protection – Harry Waldron MVP Rotating Header Image

Oracle out-of-band patch release to prevent Apache DoS exploits

The Internet Storm Center shares an important emergency release that corporations should apply expediently:

Oracle Emergency Patch for CVE-2011-3192 has been released! http://isc.sans.org/diary/Oracle+Emergency+Patch+for+CVE-2011-3192+has+been+released+/11602

QUOTE: This security alert addresses the security issue CVE-2011-3192, a denial of service vulnerability in Apache HTTPD, which is applicable to Oracle HTTP Server products based on Apache 2.0 or 2.2. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the availability of un-patched systemsThe bug is serious enough for Oracle to issue the patch outside of its usual large quarterly updates, the next of which is scheduled for Oct. 18.

Comments are closed.