This CPU contains fix for vulnerability in Oracle Application Server founded by Alexander Polyakov from ERPScan. This vulnerability allows remote attacker gain access to administrators session.

Also in this CPU Oracle provides recognition to ERPScan in Security-In-Depth program (see FAQ) for vulnerabilities in Oracle BEA Weblogic 10 and Oracle Database 11g. People are recognized for Security-In-Depth contributions if they provide information, observations or suggestions pertaining to security vulnerability issues that result in significant modification of Oracle code or documentation in future releases, but are not of such a critical nature that they are distributed in Critical Patch Updates. Additional information about vulnerabilities:

Early ERPScan received recognition in “Oracle Critical Patch Update Advisory — July 2008”. First time Oracle thanked ERPScan researchers in “Oracle Critical Patch Update Advisory — January 2008”.