

Oracle Security Alert - CVE-2017-9805


#1 AplusWebMaster




Posted 23 September 2017 - 07:26 AM


Oracle Security Alert Advisory - CVE-2017-9805
- https://blogs.oracle...7-9805-released
Sep 22, 2017 - "Last week, Equifax identified an Apache Struts 2 vulnerability, CVE-2017-5638, as having been exploited in a significant security incident. Oracle distributed the Apache Foundation’s fixes for CVE-2017-5638 several months ago in the April 2017 Critical Patch Update, which should have already been applied to customer systems well before this breach came to light. Recently, the Apache Foundation released fixes for a number of additional Apache Struts 2 vulnerabilities, including CVE-2017-9805, CVE-2017-7672, CVE-2017-9787, CVE-2017-9791, CVE-2017-9793, CVE-2017-9804, and CVE-2017-12611. Oracle just published Security Alert CVE-2017-9805* in order to distribute these fixes to our customers. Please refer to the Security Alert advisory* for the technical details of these bugs as well as the CVSS Base Score information. Oracle strongly recommends that customers apply the fixes contained in this Security Alert as soon as possible. Furthermore, Oracle reminds customers that they should keep up with security releases and should have applied the July 2017 Critical Patch Update** (the most recent Critical Patch Update release).
The next Critical Patch Update release is on October 17, 2017.."
* http://www.oracle.co...05-3889403.html

** http://www.oracle.co...17-3236622.html

> https://nvd.nist.gov...l/CVE-2017-5638
Last Modified: 09/22/2017
CVSS v3 Base Score: 10.0 Critical

> https://nvd.nist.gov...l/CVE-2017-9805
Last revised: 09/21/2017
This vulnerability is currently awaiting analysis.

Text Form of Oracle Security Alert - CVE-2017-9805 Risk Matrices
> http://www.oracle.co...se-3889406.html
"This document provides the text form of the CVE-2017-9805 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CVE-2017-9805 Advisory.
This page contains the following text format Risk Matrices:
    Oracle Siebel CRM
    Oracle Communications Applications
    Oracle Financial Services Applications
    Oracle Fusion Middleware
    Oracle MySQL
    Oracle Retail Applications ..."

Oracle downloads: https://www.oracle.c...oads/index.html

- https://www.us-cert....curity-Bulletin
Oct 17, 2017

Oracle Fusion Middleware
- http://www.oracle.co...tml#AppendixFMW

- https://isc.sans.edu/diary/rss/22984

- https://www.us-cert....curity-Bulletin
Oct 30, 2017


Edited by AplusWebMaster, 30 October 2017 - 03:09 PM.

.The machine has no brain.
 ......... Use your own.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
