exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

oracle-multi.txt

oracle-multi.txt
Posted Jul 25, 2007
Authored by Stephen Kost, Jack Kanter | Site integrigy.com

Multiple security vulnerabilities have been corrected in the Oracle Business Suite 11i and R12 as part of July 2007 Oracle Critical Patch Update (CPU). These include SQL injection and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, sql injection
advisories | CVE-2007-3865, CVE-2007-3866, CVE-2007-3867
SHA-256 | 351c01823ab7ff21020c389c6441d2e3d3cd29cb6947a08a05655b437ac95282
Download | Favorite | View

oracle-multi.txt

Change Mirror Download
Multiple security vulnerabilities have been corrected in the Oracle Business
Suite 11i and R12 as part of July 2007 Oracle Critical Patch Update (CPU).
All Internet accessible environments should prioritize patch 6045931
(APPS04/05/06) in order to correct multiple vulnerabilities in the On-line
help or temporarily disable the help functionality using the Oracle supplied
"URL Firewall".

APPS01 / CVE-2007-3865
Customer Intelligence (BIC) (R12 only)
SQL Injection

APPS02 / CVE-2007-3866
Configurator (CZ)
Cross Site Scripting

APPS03 / CVE-2007-3866
Internet Expenses (AP)
Cross Site Scripting

APPS04 / CVE-2007-3867
APPS05 / CVE-2007-3867
APPS06 / CVE-2007-3867
On-line Help (FND)
SQL Injection, Cross Site Scripting (multiple), Information Disclosure

APPS07 / CVE-2007-3867
Customer Intelligence (BIC)
SQL Injection

APPS08 / CVE-2007-3867
iPayment (IBY)
Information Disclosure

APPS09 / CVE-2007-3866
Application Object Library (FND)
SQL Injection

APPS10 / CVE-2007-3867
Human Resources (PER)
SQL Injection

See the Oracle Critical Patch Update July 2007 Advisory for exact versions
and CVSS base metric scores.

Fix: Apply the patches as directed in Oracle Metalink Note ID 432882.1.

Credit: These vulnerabilities were discovered by Stephen Kost and Jack
Kanter of Integrigy Corporation

For more details on the impact of the July 2007 CPU on Oracle E-Business
Suite implementations, see Integrigy's analysis of the CPU at -

http://www.integrigy.com/oracle-cpu-july-2007

Integrigy has included checks for these vulnerabilities in AppSentry, a
vulnerability scanner for Oracle Applications, and AppDefend, an application
intrusion prevention system for Oracle Applications.

For more information or questions regarding these vulnerabilities or
remediation steps, please contact us at alerts@integrigy.com.


Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close