Oracle’s behavior in not fixing critical security bugs for a long time is unacceptable, security firm says

Claiming that Oracle has failed to fix six vulnerabilities despite having more than 650 days to issue a patch, researchers at security firm Red Database Security published details of the flaws on Tuesday.


The flaws vary in severity with three of the six classified by the firm as high risk, potentially allowing a remote attacker to compromise a server or overwrite files, according to advisories released by Red Database.


“Oracle’s behavior (in) not fixing critical security bugs for a long time–over 650 days–is not acceptable for their customers,” Alexander Kornbrust, CEO and principal researcher with the Neunkirchen, Germany-based consultancy, said in the prologue to each advisory. “Oracle put their customers in danger–at least one critical vulnerability can be abused (by) any attacker via the Internet.”


More at http://securityfocus.com/news/11252
