SHARE
Facebook X Pinterest WhatsApp

Oracle Plugs 51 DB, Server Holes

Oracle has released its first critical patch update for 2007, with fixes for a total of 51 security vulnerabilities in a wide range of enterprise products. The Redwood City, Calif., database server giant’s patch batch covers serious holes in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Enterprise Manager […]

Written By
thumbnail Ryan Naraine
Ryan Naraine
Jan 16, 2007
Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Oracle has released its first critical patch update for 2007, with fixes for a total of 51 security vulnerabilities in a wide range of enterprise products.

The Redwood City, Calif., database server giant’s patch batch covers serious holes in Oracle Database, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, Oracle Enterprise Manager and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne.

The most serious of the 51 flaws carry a CVSS (Common Vulnerability Scoring Standard) base score of 7.0.

“Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible,” the company said in its quarterly advisory.

The company said 28 of the 51 flaws affect its flagship Oracle Database. Among that batch of patches is a high-severity issue that can be “remotely exploitable without authentication.”

This means a successful attacker can launch an exploit over a network without the need for a user name and password.

There are nine patches for the Oracle HTTP Server, which is an optional product that is not installed by default with the Oracle Database. Eight of the nine can be exploited remotely without user credentials, the company warned.

The January 2007 patch update also provides fixes for a dozen new security flaws in the Oracle Application Server, eight of which may be remotely exploitable without authentication.

Check out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine’s eWEEK Security Watch blog.

Recommended for you...

BlackFog & Exertis Enterprise Ink Distribution Deal
Victoria Durgin
Sep 16, 2025
Proofpoint Intros Agentic AI-Based Compliance Offering
Jordan Smith
Sep 16, 2025
Simbian Partnering With Wipro on AI SOC Tech
Jordan Smith
Sep 16, 2025
Eaton Announces Solution to Mitigate AI Power Bursts
Jordan Smith
Sep 15, 2025
Channel Insider Logo

Channel Insider combines news and technology recommendations to keep channel partners, value-added resellers, IT solution providers, MSPs, and SaaS providers informed on the changing IT landscape. These resources provide product comparisons, in-depth analysis of vendors, and interviews with subject matter experts to provide vendors with critical information for their operations.

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.