
oracle-multi.txt

Posted Jul 25, 2007
Authored by Stephen Kost, Jack Kanter | Site integrigy.com

Multiple security vulnerabilities have been corrected in the Oracle Business Suite 11i and R12 as part of the July 2007 Oracle Critical Patch Update (CPU). These include SQL injection and cross-site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
advisories | CVE-2007-3865, CVE-2007-3866, CVE-2007-3867
SHA-256 | 351c01823ab7ff21020c389c6441d2e3d3cd29cb6947a08a05655b437ac95282

Multiple security vulnerabilities have been corrected in the Oracle Business
Suite 11i and R12 as part of the July 2007 Oracle Critical Patch Update (CPU).
All Internet-accessible environments should prioritize patch 6045931
(APPS04/05/06) to correct multiple vulnerabilities in the On-line Help, or
temporarily disable the help functionality using the Oracle-supplied
"URL Firewall".

APPS01 / CVE-2007-3865
Customer Intelligence (BIC) (R12 only)
SQL Injection

APPS02 / CVE-2007-3866
Configurator (CZ)
Cross Site Scripting

APPS03 / CVE-2007-3866
Internet Expenses (AP)
Cross Site Scripting

APPS04 / CVE-2007-3867
APPS05 / CVE-2007-3867
APPS06 / CVE-2007-3867
On-line Help (FND)
SQL Injection, Cross Site Scripting (multiple), Information Disclosure

APPS07 / CVE-2007-3867
Customer Intelligence (BIC)
SQL Injection

APPS08 / CVE-2007-3867
iPayment (IBY)
Information Disclosure

APPS09 / CVE-2007-3866
Application Object Library (FND)
SQL Injection

APPS10 / CVE-2007-3867
Human Resources (PER)
SQL Injection

See the Oracle Critical Patch Update July 2007 Advisory for exact versions
and CVSS base metric scores.

Fix: Apply the patches as directed in Oracle Metalink Note ID 432882.1.

Credit: These vulnerabilities were discovered by Stephen Kost and Jack
Kanter of Integrigy Corporation.

For more details on the impact of the July 2007 CPU on Oracle E-Business
Suite implementations, see Integrigy's analysis of the CPU at:

http://www.integrigy.com/oracle-cpu-july-2007

Integrigy has included checks for these vulnerabilities in AppSentry, a
vulnerability scanner for Oracle Applications, and AppDefend, an application
intrusion prevention system for Oracle Applications.

For more information or questions regarding these vulnerabilities or
remediation steps, please contact us at alerts@integrigy.com.

