Oracle E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication

2003-04-14T00:00:00
ID VU:168873
Type cert
Reporter CERT
Modified 2003-04-14T00:00:00

Description

Overview

A vulnerability in Oracle's E-Business Suite Report Review Agent (RRA) allows arbitrary files to be retrieved with no authentication.

Description

A vulnerability exists in the Oracle E-Business Suite Report Review Agent (RRA). This vulnerability may allow a remote attacker to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication. For more information, please see the following documents:

* [`Oracle Security Alert 53`](<http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf>)
* [`Integrity Security Alert`](<http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm>)

Impact

A remote attacker may be able to retrieve arbitrary information from Oracle Applications Concurrent Manager servers prior to authentication.


Solution

Apply a vendor supplied patch.


Mitigation