On 9 November 2004, in a conversation with Gartner, Oracle declined to provide more detailed information about vulnerabilities its security patch 68 is meant to fix. (This is Oracle's standard policy.) Oracle first issued the security patch on 31 August 2004, and reissued the warning on 14 October after proof of concept exploit code began circulating on the Internet. The patch affects Oracle Database Server, Oracle Application Server and Oracle Enterprise Manager. Oracle gives these patches its most serious "Severity 1" rating.
The article continues at http://www3.gartner.com/DisplayDocument?ref=g_search&id=460726