Oracle patch update for April 2017 fixed a record number of vulnerabilities, including Apache Struts and Shadow Brokers exploits.
Oracle has released security updates to fix flaws in its product, including Apache Struts and a Solaris exploit included in a dump leaked by the Shadow Brokers hackers and containing NSA documents and hacking tools.
The NSA dump recently leaked by Shadow Brokers includes also another Solaris exploit code named EBBISLAND that triggers a vulnerability patched since 2012 in Solaris 10 Update 11.
This is a record security update, it includes in fact 299 fixes to Oracle products, 162 of them are remotely exploitable. 83 security fixes address vulnerabilities in Oracle business-critical applications, including Oracle PeopleSoft, E-Business Suite, JD Edwards, Siebel CRM and the Primavera Products Suite.
Oracle released 8 security fixes for Java, 39 for MySQL and 3 for Oracle Database Server.
Apache Struts 2 is currently used in many Oracle products, including MySQL Enterprise Monitor, Oracle WebCenter Sites, Oracle WebLogic Server, Oracle Communications, Retail and Financial Services applications, and the Siebel E-Billing app.
Oracle fixed 40 critical vulnerabilities, 25 of which rated with a severity score of 10 in the Common Vulnerability Scoring System (CVSS).
The Oracle Critical Patch Update Advisory – April 2017 addresses application for a wide range of industry sectors, including financial services, retail, communications, utilities, and hospitality.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.