Oracle has warned its customers of critical flaws in the security technology of some of its application and database server products.
The flaws are in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) of Oracle 8i and 9i Database Server, Oracle 9i Application Server, and versions 8 and 9 of the Oracle HTTP Server.
If exploited, the flaws can allow a client to take over the server.
In a statement, the company said: "Oracle is informing customers about SSL vulnerabilities detailed in Cert Advisory CA-2003-26 and SSL vulnerabilities detailed in several older Common Vulnerabilities and Exposures candidates.
"Oracle recommends that customers apply the patches for these vulnerabilities."
SSL and TLS are both widely used for protecting data transferred over the internet. In order to take advantage of the vulnerability, hackers would have to create a specially crafted X.509 certificate, which would allow server control.
"Oracle has always been strong on security so this is a surprise," said Professor Neil Barrett, technical director at Information Risk Management.
"Long before Microsoft got into Trusted Computing Oracle was running a well respected security programme, and they're well known for writing secure code."
Further information, and patches for the flaws, can be downloaded here.
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"
Comcast's £29.7bn winning bid more than twice the £13.7bn Rupert Murdoch valued Sky at just eight years ago
A nuclear strike has been considered, but Bruce Willis is nowhere in sight