This repository has been archived by the owner on Jan 19, 2023. It is now read-only.

Bug : https://ossindex.sonatype.org/vuln/13c08df7-cb05-4377-8d6d-dd83d77195c2 #35

Closed
baraths84 opened this issue Oct 9, 2019 · 2 comments
Labels
bug Something isn't working

Comments

@baraths84

baraths84 commented Oct 9, 2019

Vulnerability URL

https://ossindex.sonatype.org/vuln/13c08df7-cb05-4377-8d6d-dd83d77195c2

Description
While analyzing vulnerabilities in my project's Java dependencies (.jar), ojdbc7 version 12.1.0.1 was reported as a HIGH risk issue. Based on my understanding of the advisory linked here, this seems to be a database server issue:
https://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
Reason: although the issue was reported in July 2016, no patch seems to be available to date in the Maven repository. Please advise @ken-duck

@baraths84 baraths84 added the bug Something isn't working label Oct 9, 2019
@baraths84 baraths84 changed the title Bug : https://ossindex.sonatype.org/vuln/13c08df7-cb05-4377-8d6d-dd83d77195c2Incorrect vulnerability details Bug : https://ossindex.sonatype.org/vuln/13c08df7-cb05-4377-8d6d-dd83d77195c2 Oct 9, 2019
@ken-duck
Contributor

Based on this part of the oracle advisory you linked, it seems that the jdbc drivers are or were part of the problem for this particular vulnerability. Unfortunately the advisory does not provide enough information for us to be able to tell exactly what the problem is, and therefore cannot advise you on how you might be able to proceed while still using these versions of the drivers.


I might be reading this page wrong, but it looks like the impacted jdbc drivers have not been upgraded, even on the Oracle site: https://www.oracle.com/database/technologies/appdev/jdbc-downloads.html

There do appear to be new drivers available, under the "ojdbc8" name, perhaps. You can see information on this page: https://blogs.oracle.com/dev2dev/get-oracle-jdbc-drivers-and-ucp-from-oracle-maven-repository-without-ides

However, I cannot comment on whether these drivers work with older versions of the Oracle database or not.

Sorry I cannot provide more guidance :(

@ken-duck
Contributor

Cleaning up some older tickets.

Closed due to not being a bug in this case, I think. If you disagree feel free to reopen.
