Application Defense Center Submitted Access Control Bypass Flaw to Oracle; Critical Update Patch Released Today

WHO:

Imperva Application Defense Center (ADC)

WHAT:

Discovered a vulnerability in Oracle databases that enables any user with basic access privileges to assume the role of database administrator. In addition, any activity performed by the user while exploiting this flaw is not recorded by the database server’s built-in auditing mechanisms. Oracle released a Critical Patch Update today that addresses this vulnerability. The Imperva SecureSphere Database Security Gateway automatically protects Oracle products against this vulnerability. These protection capabilities are outlined in the Imperva Security Advisory entitled “Oracle DBMS Critical Access Control Bypass in Login Bug”.

WHERE:

The Oracle Critical Patch Update is located at: http://www.oracle.com/technology/deploy/security/alerts.htm

The Imperva Security Advisory is available at: http://www.imperva.com/application_defense_center/papers/oracle-dbms-01172006.html

WHEN:

Oracle released the Critical Patch Update today, January 17th, 2006.

HOW:

ADC conducts ongoing research into database security issues, and discovered this vulnerability during an in-depth analysis of login mechanisms and protocols. ADC’s research findings are used to enhance the SecureSphere product line with next-generation attack detection and protection features.

About the Imperva Application Defense Center

Imperva’s Application Defense Center (ADC) is a research and professional services organization dedicated to building the most advanced application security knowledge base in the world. The ADC has over 20 years of combined experience in application and database security research. ADC research combines extensive lab work with hands-on practice in real-world environments, including penetration testing for selected customers. ADC findings include the discovery of over 50 commercial application vulnerabilities, of which 18 have been published.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company’s SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com.

# # #

Imperva and SecureSphere are trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders.

Editorial Contact

Marc Gendron
(781) 237-0341
marc@mqpr.net