Imperva Application Defense Center Outlines Steps to Defend Against Vulnerabilities Left Open by Critical Patch Update
WHO:
Amichai Shulman, CTO, Imperva
Imperva Application Defense Center (ADC)
WHAT:
Researchers claim that for at least some Oracle versions the Critical Patch Update (CPU) released on April 18, 2006, does not completely fix the published vulnerabilities. In addition, there are no available patches for the Oracle 10g Express Edition, although it is vulnerable to at least some of the flaws mentioned in the CPU. The Imperva ADC has developed and made publicly available a security advisory that discusses these unsecured vulnerabilities and available workarounds.
WHERE:
Oracle Critical Patch Update
Imperva Security Advisory
WHEN:
Oracle released the Critical Patch Update on April 18th, 2006.
HOW:
ADC conducts ongoing research into database security issues, and discovered the workarounds during an in-depth analysis of this Oracle CPU. ADC’s research findings are used to enhance the SecureSphere product line with next generation attack detection and protection features.
About the Imperva Application Defense Center
Imperva’s Application Defense Center (ADC) is a research and professional services organization dedicated to building the most advanced application security knowledge base in the world. The ADC has over 20 years combined experience in application and database security research. ADC research combines extensive lab work with hands-on practice in real world environments, including penetration testing for selected customers. ADC findings include discovery of over 50 commercial application vulnerabilities of which 18 have been published.
About Imperva
Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com
# # #
Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.
Editorial Contact
Marc Gendron
(781) 237-0341
marc@mqpr.net