Application Security, Inc.’s TeamSHATTER Discovers Seven Database Vulnerabilities In April 2012 Oracle Critical Patch Update

NEW YORK - Application Security, Inc. (AppSecInc), the leading provider of database security solutions for the enterprise, today announced that TeamSHATTER’s Technical Lead for Security Research, Esteban Martinez Fayo, has been credited by Oracle for discovering and reporting seven out of the twelve database-related vulnerabilities disclosed in the April 2012 Oracle Critical Patch Update (CPU). TeamSHATTER researchers have been credited for reporting vulnerabilities in 27 of the 30 Oracle CPUs since the program’s inception in 2005.

The April 2012 CPU contains a total of 88 security vulnerability fixes across multiple Oracle products, twelve of which are specific to database products. Six patches were issued for the Oracle Database Server and six for the Oracle Enterprise Manager Grid Control. TeamSHATTER was responsible for discovering seven of the twelve, including three for the Oracle Database Server and four for the Oracle Enterprise Manager Grid Control product.

“Just when we thought Oracle threw in the towel on fixing database vulnerabilities, they follow up their record low database-related fixes from the last CPU in January with a dozen fixes in the April 2012 CPU,” said Alex Rothacker, Director of Security Research, AppSecInc’s TeamSHATTER. “While we hope that this is an indication of Oracle’s renewed focus on database security improvements, we are quite disappointed that it took them over two and a half years to fix a high-risk vulnerability that we reported to them in October 2009. It is just not acceptable to leave users at risk for that long.”

Rothacker continues, “In reviewing this CPU, another tremendous concern I have is that 33 of the 88 vulnerabilities fixed were remotely exploitable without authentication, which means that anybody on the network can exploit these. That is a massive amount of flaws of this nature to have across the Oracle product line. Hopefully that is not a trend that we continue to see more of in future CPU cycles.”

The TeamSHATTER vulnerability knowledgebase is the largest and most up-to-date offering of its kind. By identifying and remediating critical database vulnerabilities, TeamSHATTER helps to ensure that AppSecInc customer data is safe from internal and external threats.

AppSecInc supports every Oracle CPU by updating its market-leading solutions, AppDetectivePro for auditors and IT advisors and DbProtect for the enterprise, with the appropriate scanning checks and monitoring filters through its monthly ASAP Update™ (Application Security Automatic Protection) process. DbProtect updates will include monitoring filters for the new security vulnerabilities, enabling customers to protect sensitive information during the deployment of new patches across their database infrastructure.

About TeamSHATTER

TeamSHATTER, the research arm of Application Security, Inc., is the largest dedicated database security, vulnerability and misconfiguration research team in the world. TeamSHATTER maintains the most comprehensive knowledgebase of database vulnerability and misconfiguration checks in the industry and understands how to make security an integral part of an enterprise’s database security and network management infrastructure.

About Application Security, Inc.

AppSecInc is a pioneer and leading provider of database security solutions for the enterprise. By providing strategic and scalable software-only solutions – AppDetectivePro for auditors and IT advisors, and DbProtect for the enterprise – AppSecInc supports the database security lifecycle for some of the most complex and demanding environments in the world across more than 1,300 active commercial and government customers.

Leveraging the world’s most comprehensive database security knowledgebase from the company’s renowned team of threat researchers, TeamSHATTER, AppSecInc products help customers achieve unprecedented levels of data security from nefarious or accidental activities, while reducing overall risk and helping to ensure continuous regulatory and industry compliance.
