Oracle Security Patched DB Driver Not Working

XMLWordPrintable

    • 1
    • Severity 2 - Major

      Issue Summary

      Following a recent security patch by Oracle for the ojdbc6.jar driver as fix for CVE-2016-3506. (p23727132_112040_Generic.zip, available in Oracle Support download area), applying the patch to Confluence breaks Confluence with Confluence throwing:

      Caused by: java.sql.SQLException: Invalid argument(s) in call
    at oracle.jdbc.OracleDatabaseMetaData.getTables(OracleDatabaseMetaData.java:2991)
    at org.apache.commons.dbcp.DelegatingDatabaseMetaData.getTables(DelegatingDatabaseMetaData.java:604)
    at net.java.ao.db.OracleDatabaseProvider.getSequences(OracleDatabaseProvider.java:93)
    at net.java.ao.schema.helper.DatabaseMetaDataReaderImpl.getSequenceNames(DatabaseMetaDataReaderImpl.java:222)
    ... 60 more

      Step to Reproduce

      1. Install the new driver by replacing the bundled driver which is located in: Confluence installation/lib folder.
      2. Restart Confluence.
      3. Attempt to login into Confluence once it is up and running.

      Expected Behavior

      The user would be able to login with no problems.

      Actual Behavior

      The user gets a 500 page error with the logs mentioned above.

      Note

      When user reverts back to using the bundled driver, things work fine again.

        1. ojdbc6-cve-2016-3506.jar
          2.63 MB

              Assignee:
              Feng Xu (Inactive)
              Reporter:
              Omar Raissi (Inactive)
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: