Oracle has released an advisory to address a vulnerability in the Java VM component of Oracle Database Server. An authenticated remote attacker can exploit the vulnerability via Oracle Net to completely compromise the Oracle Database.
Successful exploitation could allow an attacker to take control of an affected system.
Patches for affected systems are available. Users of the affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
For Oracle Database versions 11.2.0.4 and 12.2.0.1 on Windows, please refer to the following link:
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
For Oracle Database version 12.1.0.2 on Windows, or any version of the database on Linux or Unix, the corresponding patches have been included in the July 2018 Critical Patch Update (CPU). This CPU was covered in our security alert A18-07-06.
Users may contact their product support vendors for the fixes and assistance.
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-verbose-5032194.html
https://www.hkcert.org/my_url/en/alert/18081401
https://www.us-cert.gov/ncas/current-activity/2018/08/13/Oracle-Releases-Security-Alert
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3110