Oracle patch update for April 2017 also fixed Struts and Shadow Brokers exploits

Pierluigi Paganini April 19, 2017

Oracle patch update for April 2017 fixed a record number of vulnerabilities, including Apache Struts and Shadow Brokers exploits.

Oracle has released security updates to fix flaws in its product, including Apache Struts and a Solaris exploit included in a dump leaked by the Shadow Brokers hackers and containing NSA documents and hacking tools.

The Oracle patch update for April 2017 fixed the vulnerability exploited by the EXTREMEPARR tool developed by the NSA to hack Solaris 10.

The NSA dump recently leaked by Shadow Brokers includes also another Solaris exploit code named EBBISLAND that triggers a vulnerability patched since 2012 in Solaris 10 Update 11.

Oracle patch update for April 2017

This is a record security update, it includes in fact 299 fixes to Oracle products, 162 of them are remotely exploitable.  83 security fixes address vulnerabilities in Oracle business-critical applications, including Oracle PeopleSoft, E-Business Suite, JD Edwards, Siebel CRM and the Primavera Products Suite.

Oracle released 8 security fixes for Java, 39 for MySQL and 3 for Oracle Database Server.

The remote code execution Struts flaw was exploited in the wild by hackers to target Java Web Servers.

Apache Struts 2 is currently used in many Oracle products, including MySQL Enterprise Monitor, Oracle WebCenter Sites, Oracle WebLogic Server, Oracle Communications, Retail and Financial Services applications, and the Siebel E-Billing app.

Oracle fixed 40 critical vulnerabilities, 25 of which rated with a severity score of 10 in the Common Vulnerability Scoring System (CVSS).

The Oracle Critical Patch Update Advisory – April 2017 addresses application for a wide range of industry sectors, including financial services, retail, communications, utilities, and hospitality.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Oracle patch update, Hotels, hacking)



you might also like

leave a comment