Imperva ADC Discovers and Helps Oracle Address Critical Security Flaw

ADC Submitted Access Control Bypass Vulnerability to Oracle;
                Critical Patch Update Released Tuesday
--(Business Wire)--
Imperva:

-0-
*T
WHO:       Imperva Application Defense Center (ADC), Imperva's
            independent research organization.

WHAT:      Discovered an access control bypass vulnerability that
            affects all Oracle versions up to 10gR2. This
            vulnerability can be exploited to extract information from
            any table in a database server by unauthorized users. The
            vulnerability is in the Direct Path Export functionality.
            Oracle issued a Critical Patch Update Tuesday that
            addresses this vulnerability and others.

           Imperva SecureSphere Database Security Gateway appliances
            can protect Oracle products against this flaw until it is
            patched. For more details on this vulnerability see the
            Imperva Security Advisory at the link below.

WHERE:     The Oracle Critical Patch Update is located at:
           http://www.oracle.com/technology/deploy/security/ critical-
            patch-updates/cpuapr2008.html
           The Imperva Security Advisory is available at:
           http://www.imperva.com/resources/adc/adc_advisories_oracle-
            dbms-04172008.html

WHEN:      Imperva today made available a Security Advisory on this
            vulnerability. Oracle released the Critical Patch Update
            on April 15th, 2008.

HOW:       To speak with Amichai Shulman, Director of the ADC and
            Imperva CTO, contact Marc Gendron at 781-237-0341, or
            marc@mgpr.net. ADC conducts ongoing research into database
            security issues, and discovered this vulnerability during
            an in-depth analysis of the Oracle Database platform.
            ADC's research findings are used to enhance the
            SecureSphere product line with next generation attack
            detection and protection features.
*T

   About the Imperva Application Defense Center

   Imperva's independent research organization, the Application
Defense Center (ADC), is internationally recognized for security
analysis, vulnerability discovery, and compliance expertise. ADC
research combines extensive lab work with hands-on testing in real
world environments to ensure that Imperva's products have the most
advanced technology, up-to-date threat protection, and unparalleled
compliance automation. The ADC has discovered over 60 commercial
application vulnerabilities and having issued numerous security
advisories, the ADC offers exceptional insight into both published and
unpublished security threats.

   About Imperva

   Imperva is the leader in application data security and compliance
for the data center. Leading enterprise and government organizations
worldwide rely on Imperva to prevent data theft and abuse, and ensure
data integrity. The company's SecureSphere products provide data
governance and protection solutions that monitor, audit and secure
business applications and databases against insider abuse and external
data theft via web applications. For more information, visit
www.imperva.com.

Marc Gendron Public Relations
Marc Gendron, 781-237-0341
marc@mgpr.net

Copyright Business Wire 2008