Security Alerts Archive

This page provides an archive index of Security Alerts issued before 2006.

Security Alerts

Before 2005, Security Alerts were the primary means of releasing security fixes for Oracle products. Each Security Alert has a severity rating indicating the security risk of the vulnerabilities within the alert. The Security Alerts first released prior to 2006 are referenced in the following table. Click here for definitions of the severity ratings.

Security Alert Number And Description	MetaLink Note ID	Latest Version/Date
Alert 68, Oracle Security Update	281188.1	Rev 4, 2 March 2005
Alert 67, Unauthorized Access Vulnerabilities in Oracle E-Business Suite	274356.1	Rev 1, 3 June 2004
Alert 66, Security Vulnerabilities in Oracle Application Server Web Cache	265308.1	Rev 2, 2 April 2004
Alert 65, Security Vulnerability in Oracle9i Application and Database Servers	258997.1	Rev 4, 2 June 2004
Alert 64, Security Vulnerabilities in Oracle9i Database Server	263508.1	Rev 2, 20 May 2004
Alert 63, Security Vulnerabilities in Oracle9i Lite	263509.1	Rev 1, 18 February 2004
Alert 62, SSL Update for CERT CA-2003-26 and older SSL issues	258996.1	Rev 1, 04 December 2003
Alert 61, SQL Injection Vulnerability in Oracle9i Application Server	253982.1	Rev 3, 13 November 2003
Alert 60, Unauthorized Access to Restricted Content in Oracle Files	252706.1	Rev 1, 28 October 2003
Alert 59, Buffer Overflow in Oracle Database Server Binaries	251910.1	Rev 3, 13 November 2003
Alert 58, Buffer Overflow in the XML Database of Oracle9i Database Server	246202.1	Rev 1, 18 August 2003
Alert 57, Buffer Overflows in EXTPROC of Oracle Database Server	244523.1	Rev 2, 07 August 2003
Alert 56, Buffer Overflow Vulnerability in Oracle E-Business Suite	244335.1	Rev 1, 23 July 2003
Alert 55, Unauthorized Disclosure of Information in Oracle E-Business Suite	244294.1	Rev 1, 23 July 2003
Alert 54, Buffer Overflow in Net Services for Oracle Database Server	237172.1	Rev 2, 30 April 2003
Alert 53, Report Review Agent Vulnerability in Oracle E-Business Suite	235262.1	Rev 1, 10 April 2003
Alert 52, Security Vulnerabilities in Oracle9i Application Server	229288.1	Rev 3, 03 March 2003
Alert 51, Buffer Overflow in ORACLE executable of Oracle9i Database Server	229287.1	Rev 6, 18 April 2003
Alert 50, Buffer Overflow in Oracle9i Database Server	229286.1	Rev 6, 18 April 2003
Alert 49, Buffer Overflow in Oracle9i Database Server	229285.1	Rev 6, 18 April 2003
Alert 48, Buffer Overflow in Oracle9i Database Server	229284.1	Rev 6, 18 April 2003
Alert 47, Security Vulnerabilities in Oracle9i Application Server	224215.1	Rev 3, 23 July 2003
Alert 46, Buffer Overflow iniSQL*Plus (Oracle9i Database Server)	216775.1	Rev 3, 11 November 2002
Alert 45, Security Release of Apache 1.3.27	214356.1	Rev 6, 20 May 2004
Alert 44, Unauthorized Access Vulnerability in Oracle E-Business Suite, Release 11i	213415.1	Rev 1, 04 October 2002
Alert 43, Oracle9iApplication Server Web Cache Administration Tool Vulnerability	213413.1	Rev 1, 04 October 2002
Alert 42, Denial of Services Against Oracle Net Services	213411.1	Rev 3, 16 December 2002
Alert 41, Oracle9iApplication Server Oracle Java Server Pages Demo Vulnerability	207272.1	Rev 1, 14 August 2002
Alert 40, Oracle Net Listener Vulnerabilities	207269.1	Rev 3, 08 August 2002
Alert 39, Web Cache Oracle9i Application Server Password Vulnerability	207271.1	Rev 1, 08 August 2002
Alert 38, Oracle Net Denial of Service Security Vulnerability	207268.1	Rev 3, 08 August 2002
Alert 37, OpenSSL Buffer Overflow	206034.1	09 August 2002
Alert 36, Security Vulnerability in Apache HTTP Server of Oracle9i Application Server	200873.1	12 July 2002
Alert 35, Buffer Overflow Vulnerability in Oracle9iAS Reports Server	198531.1	05 June 2002
Alert 34, Buffer Overflow Vulnerability in Oracle Net (Oracle9i Database Server)	198544.1	05 June 2002
Alert 33, User Privileges Vulnerability in Oracle9i Database Server	185074.1	17 April 2002
Alert 32, Unauthorized Access Vulnerability in the Oracle E-business Suite	185073.1	17 April 2002
Alert 31, Oracle Configurator Cross Site Scripting Vulnerability	182244.1	01 April 2002
Alert 30, SNMP Vulnerability in Oracle Enterprise Manager, Master_Peer Agent, for Oracle9i Database	183556.1	05 March 2002
Alert 29, Vulnerability in PL/SQL EXTPROC in Oracle9i Database	175429.1	07 August 2003
Alert 28, Vulnerabilities in Oracle mod_plsql and JSP in Oracle9i Application Server	175428.1	05 July 2002
Alert 27, Vulnerabilities in Oracle9i Application Server Webcache	169628.1	28 December 2001
Alert 26, Denial of Service against Oracle9i Application Server	168862.1	04 June 2004
Alert 25, Vulnerabilities in mod_plsql	168863.1	04 June 2001
Alert 24 was never released	-	-
Alert 23, Oracle Database Server DBSNMP Vulnerabilities	167001.1 167004.1 167007.1	01 May 2002 01 May 2002 01 May 2002
Alert 22, Oracle9i Application Server Default SOAP Configuration	166869.1	23 September 2002
Alert 21, Oracle Label Security Mandatory Security Patch	163726.1	18 October 2001
Alert 20, Oracle File Overwrite Security Vulnerability	163727.1	18 October 2001
Alert 19, Oracle Trace Collection Security Vulnerability	163728.1	29 November 2001
Alert 18, Oracle9iAS Web Cache Overflow Vulnerability	163729.1	18 October 2001
Alert 17, Oracle Internet Directory Buffer Overflow Vulnerability	152780.1	03 October 2001
Alert 16, Oracle SQL*Net and Net8 Malformed Packet Denial of Service Vulnerability	151260.1	05 September 2002
Alert 15, Buffer Overflow Vulnerability in the Oracle8i Listener	151259.1	05 September 2002
Alert 14, Oracle SQL*Net/Net8 Denial of Service Vulnerabilities	151261.1 151290.1 151291.1 151292.1	03 February 2002 03 February 2002 05 September 2002 05 September 2002
Alert 13, Oracle Redirect Denial of Service Vulnerability	153289.1	21 November 2001
Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator	No MetaLink Note	21 May 2001
Forms Launched Insecurely from Oracle E-Business Suite	No MetaLink Note	30 April 2001
Oracle JVM FilePermission Vulnerability	No MetaLink Note	13 February 2001
Security Bug with JSPs and the Oracle 8.1.7 Directory Traversal Vulnerability	135885.1	03 November 2004
Unintended Execution of Oracle JSP	No MetaLink Note	13 February 2001
Oracle XSQL Servlet Vulnerability	No MetaLink Note	23 January 2001
Oracle Connection Manager Control SUID	No MetaLink Note	31 January 2001
Oracle Internet Directory Buffer Overflows	No MetaLink Note	31 January 2001
mod_plsql exclusion_list Announcement	No MetaLink Note	10 January 2001
Oracle Internet Application Server	No MetaLink Note	28 December 2000
Oracle Enterprise Manager Backup and Recovery	130119.1	12 April 2002
Vulnerability in the Oracle Listener	124742.1	22 July 2004
Oracle Application Server: Remote Command Execution	108139.1	04 February 2002
Unprotected Oracle Installer File	No MetaLink Note	14 April 2000

MetaLink Security Notes

Between October 2002 and March 2003, Oracle published some security advisory information as MetaLink Security Notes. These notes are listed in the following table.

Security Note Description	MetaLink Note ID	Latest Version/Date
Security Vulnerability in E-Business Suite Release 11i	229257.1	03 March 2003
Security Weakness in Business Intelligence Reports	222438.1	04 December 2002
Vulnerability in Oracle9iAS Portlet Repository	216501.1	29 October 2002
Vulnerability in Oracle9iAS Portal and Single Sign-on Server	216493.1	29 October 2002
Unified Messaging/OID Default Access Control Policies Vulnerability	212934.1	02 October 2002
Oracle9iR2 ALTER SESSION Privilege Vulnerability	210317.1	09 October 2002

E-mail this page

Printer View

Oracle Cloud

Java

Customer and Events

Communities

Services and Store

Log In to My Oracle Support
Training and Certification
Become a Partner
Find a Partner Solution
Purchase from the Oracle Store
Contact and Chat
Phone: 800-633-0738
Global Contacts
Oracle Support
Partner Support

Products and Services

Solutions

Downloads

Store

Support

Training

Partners

About

Oracle Technology Network