Software Integrity Blog


Oracle releases its largest security software update

On Tuesday, Oracle released a record 276 fixes for vulnerabilities across an array of its software.

The July security advisory affects 84 products in total, including Fusion Middleware, MySQL, Java and Enterprise Manager software.

Of the 276 vulnerabilities, at least 159 can be exploited remotely without authentication, most often over a vulnerable network and without any requirement for user credentials. And 19 of these security issues have been assigned CVSS scores of 9.8, with most of the others at least a 9. Products such as Oracle HTTP Server, WebLogic Server and GlassFish contained at least 39 flaws, 35 of which were exploitable remotely without authentication. The Oracle Sun Systems suite contains 34 flaws, 21 of which can grant attackers the chance to execute code remotely. Java SE contains 13 flaws, 4 of which scored a 9.6 on the CVSS rating system.

The next Oracle patch is due in mid-October.


More by this author