The History of the Oracle PLSQL Gateway Flaw

In the past few days Oracle has criticized me for publishing a workaround for a critical flaw in their PLSQL Gateway. This email will show that after 4 years of waiting for Oracle to try to get it right, I eventually decided to take matters into my own hands and provide Oracle customers with more...

More on the workaround for the unpatched Oracle PLSQL Gateway flaw

According to Oracle, the workaround I posted, that prevents exploitation of a critical vulnerability that Oracle has so far failed to fix, breaks certain applications that sits atop their PLSQL Gateway. Though my workaround prevents exploitation of the critical flaw and thus protects vulnerable...

Workaround for unpatched Oracle PLSQL Gateway flaw

There's a critical flaw in the Oracle PLSQL Gateway, a component of iAS, OAS and the Oracle HTTP Server, that allows attackers to bypass the PLSQLExclusion list and gain access to "excluded" packages and procedures. This can be exploited by an attacker to gain full DBA control of the backend...