Oracle fixes Struts and Shadow Brokers exploits in huge patch release
From InfoWorld: Oracle has released a record 299 security fixes for vulnerabilities in its products, including patches for a widely exploited vulnerability in the Apache Struts framework and a Solaris exploit supposedly used by the U.S. National Security Agency.
The Struts vulnerability allows for remote code execution on Java web servers and was patched on March 6. Attackers have quickly adopted it and have used it in widespread attacks since then.
Oracle uses Apache Struts 2 in several of its products, which is why Tuesday’s critical patch update (CPU) fixed 25 instances of the vulnerability in Oracle Communications, Retail and Financial Services applications, as well as in the MySQL Enterprise Monitor, Oracle WebCenter Sites, Oracle WebLogic Server and the Siebel E-Billing app.
The company also fixed the vulnerability behind the EXTREMEPARR exploit for Solaris 10 that was leaked recently by a group called Shadow Brokers as part of a larger data dump of alleged NSA cyber tools. Another Solaris exploit that was part of the same arsenal and was dubbed EBBISLAND has been patched since 2012 in Solaris 10 Update 11, Oracle said.
Oracle’s quarterly patch bundle contains fixes for 40 vulnerabilities that are rated as critical, 25 of which have the highest severity score of 10 in the Common Vulnerability Scoring System (CVSS). Overall, 162 out of the 299 patched vulnerabilities are remotely exploitable.