Security Alerts Archive

This page provides an archive index of Security Alerts issued before 2006.

Security Alerts

Before 2005, Security Alerts were the primary means of releasing security fixes for Oracle products. Each Security Alert has a severity rating indicating the security risk of the vulnerabilities within the alert. The Security Alerts first released prior to 2006 are referenced in the following table. Click here for definitions of the severity ratings.

Security Alert Number And Description MetaLink Note ID Latest Version/Date
Alert 68, Oracle Security Update 281188.1 Rev 4, 2 March 2005
Alert 67, Unauthorized Access Vulnerabilities in Oracle E-Business Suite 274356.1 Rev 1, 3 June 2004
Alert 66, Security Vulnerabilities in Oracle Application Server Web Cache 265308.1 Rev 2, 2 April 2004
Alert 65, Security Vulnerability in Oracle9i Application and Database Servers 258997.1 Rev 4, 2 June 2004
Alert 64, Security Vulnerabilities in Oracle9i Database Server 263508.1 Rev 2, 20 May 2004
Alert 63, Security Vulnerabilities in Oracle9i Lite 263509.1 Rev 1, 18 February 2004
Alert 62, SSL Update for CERT CA-2003-26 and older SSL issues 258996.1 Rev 1, 04 December 2003
Alert 61, SQL Injection Vulnerability in Oracle9i Application Server 253982.1 Rev 3, 13 November 2003
Alert 60, Unauthorized Access to Restricted Content in Oracle Files 252706.1 Rev 1, 28 October 2003
Alert 59, Buffer Overflow in Oracle Database Server Binaries 251910.1 Rev 3, 13 November 2003
Alert 58, Buffer Overflow in the XML Database of Oracle9i Database Server 246202.1 Rev 1, 18 August 2003
Alert 57, Buffer Overflows in EXTPROC of Oracle Database Server 244523.1 Rev 2, 07 August 2003
Alert 56, Buffer Overflow Vulnerability in Oracle E-Business Suite 244335.1 Rev 1, 23 July 2003
Alert 55, Unauthorized Disclosure of Information in Oracle E-Business Suite 244294.1 Rev 1, 23 July 2003
Alert 54, Buffer Overflow in Net Services for Oracle Database Server 237172.1 Rev 2, 30 April 2003
Alert 53, Report Review Agent Vulnerability in Oracle E-Business Suite 235262.1 Rev 1, 10 April 2003
Alert 52, Security Vulnerabilities in Oracle9i Application Server 229288.1 Rev 3, 03 March 2003
Alert 51, Buffer Overflow in ORACLE executable of Oracle9i Database Server 229287.1 Rev 6, 18 April 2003
Alert 50, Buffer Overflow in Oracle9i Database Server 229286.1 Rev 6, 18 April 2003
Alert 49, Buffer Overflow in Oracle9i Database Server 229285.1 Rev 6, 18 April 2003
Alert 48, Buffer Overflow in Oracle9i Database Server 229284.1 Rev 6, 18 April 2003
Alert 47, Security Vulnerabilities in Oracle9i Application Server 224215.1 Rev 3, 23 July 2003
Alert 46, Buffer Overflow iniSQL*Plus (Oracle9i Database Server) 216775.1 Rev 3, 11 November 2002
Alert 45, Security Release of Apache 1.3.27 214356.1 Rev 6, 20 May 2004
Alert 44, Unauthorized Access Vulnerability in Oracle E-Business Suite, Release 11i 213415.1 Rev 1, 04 October 2002
Alert 43, Oracle9iApplication Server Web Cache Administration Tool Vulnerability 213413.1 Rev 1, 04 October 2002
Alert 42, Denial of Services Against Oracle Net Services 213411.1 Rev 3, 16 December 2002
Alert 41, Oracle9iApplication Server Oracle Java Server Pages Demo Vulnerability 207272.1 Rev 1, 14 August 2002
Alert 40, Oracle Net Listener Vulnerabilities 207269.1 Rev 3, 08 August 2002
Alert 39, Web Cache Oracle9i Application Server Password Vulnerability 207271.1 Rev 1, 08 August 2002
Alert 38, Oracle Net Denial of Service Security Vulnerability 207268.1 Rev 3, 08 August 2002
Alert 37, OpenSSL Buffer Overflow 206034.1 09 August 2002
Alert 36, Security Vulnerability in Apache HTTP Server of Oracle9i Application Server 200873.1 12 July 2002
Alert 35, Buffer Overflow Vulnerability in Oracle9iAS Reports Server 198531.1 05 June 2002
Alert 34, Buffer Overflow Vulnerability in Oracle Net (Oracle9i Database Server) 198544.1 05 June 2002
Alert 33, User Privileges Vulnerability in Oracle9i Database Server 185074.1 17 April 2002
Alert 32, Unauthorized Access Vulnerability in the Oracle E-business Suite 185073.1 17 April 2002
Alert 31, Oracle Configurator Cross Site Scripting Vulnerability 182244.1 01 April 2002
Alert 30, SNMP Vulnerability in Oracle Enterprise Manager, Master_Peer Agent, for Oracle9i Database 183556.1 05 March 2002
Alert 29, Vulnerability in PL/SQL EXTPROC in Oracle9i Database 175429.1 07 August 2003
Alert 28, Vulnerabilities in Oracle mod_plsql and JSP in Oracle9i Application Server 175428.1 05 July 2002
Alert 27, Vulnerabilities in Oracle9i Application Server Webcache 169628.1 28 December 2001
Alert 26, Denial of Service against Oracle9i Application Server 168862.1 04 June 2004
Alert 25, Vulnerabilities in mod_plsql 168863.1 04 June 2001
Alert 24 was never released - -
Alert 23, Oracle Database Server DBSNMP Vulnerabilities 167001.1
167004.1
167007.1
01 May 2002
01 May 2002
01 May 2002
Alert 22, Oracle9i Application Server Default SOAP Configuration 166869.1 23 September 2002
Alert 21, Oracle Label Security Mandatory Security Patch 163726.1 18 October 2001
Alert 20, Oracle File Overwrite Security Vulnerability 163727.1 18 October 2001
Alert 19, Oracle Trace Collection Security Vulnerability 163728.1 29 November 2001
Alert 18, Oracle9iAS Web Cache Overflow Vulnerability 163729.1 18 October 2001
Alert 17, Oracle Internet Directory Buffer Overflow Vulnerability 152780.1 03 October 2001
Alert 16, Oracle SQL*Net and Net8 Malformed Packet Denial of Service Vulnerability 151260.1 05 September 2002
Alert 15, Buffer Overflow Vulnerability in the Oracle8i Listener 151259.1 05 September 2002
Alert 14, Oracle SQL*Net/Net8 Denial of Service Vulnerabilities 151261.1
151290.1
151291.1
151292.1
03 February 2002
03 February 2002
05 September 2002
05 September 2002
Alert 13, Oracle Redirect Denial of Service Vulnerability 153289.1 21 November 2001
Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator No MetaLink Note 21 May 2001
Forms Launched Insecurely from Oracle E-Business Suite No MetaLink Note 30 April 2001
Oracle JVM FilePermission Vulnerability No MetaLink Note 13 February 2001
Security Bug with JSPs and the Oracle 8.1.7 Directory Traversal Vulnerability 135885.1 03 November 2004
Unintended Execution of Oracle JSP No MetaLink Note 13 February 2001
Oracle XSQL Servlet Vulnerability No MetaLink Note 23 January 2001
Oracle Connection Manager Control SUID No MetaLink Note 31 January 2001
Oracle Internet Directory Buffer Overflows No MetaLink Note 31 January 2001
mod_plsql exclusion_list Announcement No MetaLink Note 10 January 2001
Oracle Internet Application Server No MetaLink Note 28 December 2000
Oracle Enterprise Manager Backup and Recovery 130119.1 12 April 2002
Vulnerability in the Oracle Listener 124742.1 22 July 2004
Oracle Application Server: Remote Command Execution 108139.1 04 February 2002
Unprotected Oracle Installer File No MetaLink Note 14 April 2000

MetaLink Security Notes

Between October 2002 and March 2003, Oracle published some security advisory information as MetaLink Security Notes. These notes are listed in the following table.

Security Note Description MetaLink Note ID Latest Version/Date
Security Vulnerability in E-Business Suite Release 11i 229257.1 03 March 2003
Security Weakness in Business Intelligence Reports 222438.1 04 December 2002
Vulnerability in Oracle9iAS Portlet Repository 216501.1 29 October 2002
Vulnerability in Oracle9iAS Portal and Single Sign-on Server 216493.1 29 October 2002
Unified Messaging/OID Default Access Control Policies Vulnerability 212934.1 02 October 2002
Oracle9iR2 ALTER SESSION Privilege Vulnerability 210317.1 09 October 2002