Imperva ADC Discovers and Helps Oracle Address Critical Security Flaw
ADC Submitted Access Control Bypass Vulnerability to Oracle; Critical Patch Update Released Tuesday
WHO:
Imperva Application Defense Center (ADC), Imperva’s independent research organization.
WHAT:
Discovered an access control bypass vulnerability that affects all Oracle versions up to 10gR2. This vulnerability can be exploited to extract information from any table in a database server by unauthorized users. The vulnerability is in the Direct Path Export functionality. Oracle issued a Critical Patch Update yesterday that addresses this vulnerability and others.
Imperva SecureSphere Database Security Gateway appliances can protect Oracle products against this flaw until it is patched. For more details on this vulnerability see the Imperva Security Advisory at the link below.
WHERE:
WHEN:
Imperva today made available a Security Advisory on this vulnerability. Oracle released the Critical Patch Update on April 15th, 2008.
HOW:
ADC conducts ongoing research into database security issues, and discovered this vulnerability during an in-depth analysis of the Oracle Database platform. ADC’s research findings are used to enhance the SecureSphere product line with next generation attack detection and protection features.
About the Imperva Application Defense Center
Imperva’s independent research organization, the Application Defense Center (ADC), is internationally recognized for security analysis, vulnerability discovery, and compliance expertise. ADC research combines extensive lab work with hands-on testing in real world environments to ensure that Imperva's products have the most advanced technology, up-to-date threat protection, and unparalleled compliance automation. The ADC has discovered over 60 commercial application vulnerabilities and having issued numerous security advisories, the ADC offers exceptional insight into both published and unpublished security threats.
About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com
# # #
Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.
Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net