Jake Paul vs. Ben Askren fight memes LG G1 OLED TV review SpaceX to send Artemis astronauts to moon Game of Thrones at 10 Apple's April 20 iPad event Child tax credit's monthly check

Oracle critiqued again over patching speed

Bug hunter David Litchfield releases details on a flaw in Oracle products on a mailing list.

Bug hunter David Litchfield on Wednesday provided limited details on a new, unpatched security flaw in Oracle software. The problem lies in the PLSQL Gateway, a component of the Oracle Internet Application Server, the Oracle Application Server and the Oracle HTTP Server, he said in an e-mail to the BugTraq mailing list. Litchfield is co-founder of U.K.-based Next Generation Security Software and one of Oracle's most vocal critics.

The flaw can be exploited by an attacker to gain full administrator-level control of a database server through a Web server, Litchfield wrote. He provides a workaround in the mail so Oracle users can protect themselves against attacks. The flaw was reported to Oracle on Oct. 26. Litchfield had hoped that Oracle would provide a fix or a workaround on its recent patch release day. "They failed to do so," he wrote.