ID CVE-2007-3867 Type cve Reporter cve@mitre.org Modified 2018-10-15T21:31:00
Description
Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.
As the impact type is unspecified, it has been set to a default value of "Obtain Other Access (e.g. application account)."
{"id": "CVE-2007-3867", "bulletinFamily": "NVD", "title": "CVE-2007-3867", "description": "Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and attack vectors, related to (1) APPS04, (2) APPS05, and (3) APPS06 in (a) Oracle Application Object Library, (4) APPS07 in Oracle Customer Intelligence, (5) APPS08 in Oracle Payments, (7) APPS10 in Oracle Human Resources, and (8) APPS11 in iRecruitment.\nAs the impact type is unspecified, it has been set to a default value of \"Obtain Other Access (e.g. application account).\"", "published": "2007-07-18T19:30:00", "modified": "2018-10-15T21:31:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3867", "reporter": "cve@mitre.org", "references": ["http://www.integrigy.com/security-resources/analysis/Integrigy_Oracle_CPU_July_2007_Analysis.pdf", "http://www.oracle.com/technetwork/topics/security/cpujul2007-087014.html", "http://www.vupen.com/english/advisories/2007/2562", "http://www.securityfocus.com/archive/1/474515/100/0/threaded", "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00727143", "http://www.securitytracker.com/id?1018415", "http://secunia.com/advisories/26166", "http://www.vupen.com/english/advisories/2007/2635", "http://www.red-database-security.com/advisory/oracle_cpu_jul_2007.html", "http://secunia.com/advisories/26114", "https://exchange.xforce.ibmcloud.com/vulnerabilities/35490", "http://www.us-cert.gov/cas/techalerts/TA07-200A.html"], "cvelist": ["CVE-2007-3867"], "type": "cve", "lastseen": "2020-10-03T11:45:52", "edition": 3, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:40008", "OSVDB:40002", "OSVDB:40003", "OSVDB:40004", "OSVDB:40007", "OSVDB:40001", "OSVDB:40005"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:17584", "SECURITYVULNS:VULN:7942"]}], "modified": "2020-10-03T11:45:52", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2020-10-03T11:45:52", "rev": 2}, "vulnersScore": 7.5}, "cpe": ["cpe:/a:oracle:e-business_suite:11.5.10.2"], "affectedSoftware": [{"cpeName": "oracle:e-business_suite", "name": "oracle e-business suite", "operator": "eq", "version": "11.5.10.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}}
{"osvdb": [{"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3867"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 40003](https://vulners.com/osvdb/OSVDB:40003)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40004](https://vulners.com/osvdb/OSVDB:40004)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 40006](https://vulners.com/osvdb/OSVDB:40006)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40005](https://vulners.com/osvdb/OSVDB:40005)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3867](https://vulners.com/cve/CVE-2007-3867)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40002", "id": "OSVDB:40002", "title": "Oracle E-Business Suite Application Object Library HTTP Unspecified Remote Information Disclosure (APPS05)", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3867"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40004](https://vulners.com/osvdb/OSVDB:40004)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 40006](https://vulners.com/osvdb/OSVDB:40006)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40005](https://vulners.com/osvdb/OSVDB:40005)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3867](https://vulners.com/cve/CVE-2007-3867)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40003", "id": "OSVDB:40003", "title": "Oracle E-Business Suite Application Object Library HTTP Unspecified Remote Information Disclosure (APPS06)", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3867"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 40006](https://vulners.com/osvdb/OSVDB:40006)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40005](https://vulners.com/osvdb/OSVDB:40005)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3867](https://vulners.com/cve/CVE-2007-3867)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40004", "id": "OSVDB:40004", "title": "Oracle E-Business Suite Customer Intelligence Unspecified Remote Information Disclosure", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3867"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020253](https://vulners.com/osvdb/OSVDB:1020253)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 40006](https://vulners.com/osvdb/OSVDB:40006)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3867](https://vulners.com/cve/CVE-2007-3867)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40005", "id": "OSVDB:40005", "title": "Oracle E-Business Suite Payments Unspecified Remote Information Disclosure", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3867"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 1020259](https://vulners.com/osvdb/OSVDB:1020259)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020253](https://vulners.com/osvdb/OSVDB:1020253)\n[Related OSVDB ID: 1020258](https://vulners.com/osvdb/OSVDB:1020258)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3867](https://vulners.com/cve/CVE-2007-3867)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40007", "id": "OSVDB:40007", "title": "Oracle E-Business Suite Human Resources Unspecified Remote Information Disclosure", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3867"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 1020259](https://vulners.com/osvdb/OSVDB:1020259)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1020264](https://vulners.com/osvdb/OSVDB:1020264)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020253](https://vulners.com/osvdb/OSVDB:1020253)\n[Related OSVDB ID: 1020258](https://vulners.com/osvdb/OSVDB:1020258)\n[Related OSVDB ID: 1020261](https://vulners.com/osvdb/OSVDB:1020261)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 1020260](https://vulners.com/osvdb/OSVDB:1020260)\n[Related OSVDB ID: 1020262](https://vulners.com/osvdb/OSVDB:1020262)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3867](https://vulners.com/cve/CVE-2007-3867)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40008", "id": "OSVDB:40008", "title": "Oracle E-Business Suite iRecruitment Administrator Unspecified Remote Information Disclosure", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:36", "bulletinFamily": "software", "cvelist": ["CVE-2007-3867"], "description": "# No description provided by the source\n\n## References:\n[Vendor Specific Advisory URL](http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.html)\n[Secunia Advisory ID:26114](https://secuniaresearch.flexerasoftware.com/advisories/26114/)\n[Secunia Advisory ID:26166](https://secuniaresearch.flexerasoftware.com/advisories/26166/)\n[Related OSVDB ID: 1020155](https://vulners.com/osvdb/OSVDB:1020155)\n[Related OSVDB ID: 40010](https://vulners.com/osvdb/OSVDB:40010)\n[Related OSVDB ID: 40009](https://vulners.com/osvdb/OSVDB:40009)\n[Related OSVDB ID: 40003](https://vulners.com/osvdb/OSVDB:40003)\n[Related OSVDB ID: 1020263](https://vulners.com/osvdb/OSVDB:1020263)\n[Related OSVDB ID: 1016246](https://vulners.com/osvdb/OSVDB:1016246)\n[Related OSVDB ID: 1020159](https://vulners.com/osvdb/OSVDB:1020159)\n[Related OSVDB ID: 1020157](https://vulners.com/osvdb/OSVDB:1020157)\n[Related OSVDB ID: 1020158](https://vulners.com/osvdb/OSVDB:1020158)\n[Related OSVDB ID: 40004](https://vulners.com/osvdb/OSVDB:40004)\n[Related OSVDB ID: 40008](https://vulners.com/osvdb/OSVDB:40008)\n[Related OSVDB ID: 40011](https://vulners.com/osvdb/OSVDB:40011)\n[Related OSVDB ID: 40006](https://vulners.com/osvdb/OSVDB:40006)\n[Related OSVDB ID: 40002](https://vulners.com/osvdb/OSVDB:40002)\n[Related OSVDB ID: 1020156](https://vulners.com/osvdb/OSVDB:1020156)\n[Related OSVDB ID: 40005](https://vulners.com/osvdb/OSVDB:40005)\n[Related OSVDB ID: 40007](https://vulners.com/osvdb/OSVDB:40007)\n[Related OSVDB ID: 1020265](https://vulners.com/osvdb/OSVDB:1020265)\nOther Advisory URL: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00727143\nNews Article: http://www.eweek.com/article2/0,1895,2158203,00.asp\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-07/0261.html\nKeyword: HPSBMA02133,SSRT061201,c00727143\n[CVE-2007-3867](https://vulners.com/cve/CVE-2007-3867)\n", "edition": 1, "modified": "2007-07-18T17:36:15", "published": "2007-07-18T17:36:15", "href": "https://vulners.com/osvdb/OSVDB:40001", "id": "OSVDB:40001", "title": "Oracle E-Business Suite Application Object Library HTTP Unspecified Remote Information Disclosure (APPS04)", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:22", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866", "CVE-2007-3867", "CVE-2007-3865"], "description": "Multiple security vulnerabilities have been corrected in the Oracle Business\r\nSuite 11i and R12 as part of July 2007 Oracle Critical Patch Update (CPU).\r\nAll Internet accessible environments should prioritize patch 6045931\r\n(APPS04/05/06) in order to correct multiple vulnerabilities in the On-line\r\nhelp or temporarily disable the help functionality using the Oracle supplied\r\n"URL Firewall".\r\n\r\nAPPS01 / CVE-2007-3865\r\nCustomer Intelligence (BIC) (R12 only)\r\nSQL Injection\r\n\r\nAPPS02 / CVE-2007-3866\r\nConfigurator (CZ)\r\nCross Site Scripting\r\n\r\nAPPS03 / CVE-2007-3866\r\nInternet Expenses (AP)\r\nCross Site Scripting\r\n\r\nAPPS04 / CVE-2007-3867\r\nAPPS05 / CVE-2007-3867\r\nAPPS06 / CVE-2007-3867\r\nOn-line Help (FND)\r\nSQL Injection, Cross Site Scripting (multiple), Information Disclosure\r\n\r\nAPPS07 / CVE-2007-3867\r\nCustomer Intelligence (BIC)\r\nSQL Injection\r\n\r\nAPPS08 / CVE-2007-3867\r\niPayment (IBY)\r\nInformation Disclosure\r\n\r\nAPPS09 / CVE-2007-3866\r\nApplication Object Library (FND)\r\nSQL Injection\r\n\r\nAPPS10 / CVE-2007-3867\r\nHuman Resources (PER)\r\nSQL Injection\r\n\r\nSee the Oracle Critical Patch Update July 2007 Advisory for exact versions\r\nand CVSS base metric scores.\r\n\r\nFix: Apply the patches as directed in Oracle Metalink Note ID 432882.1.\r\n\r\nCredit: These vulnerabilities were discovered by Stephen Kost and Jack\r\nKanter of Integrigy Corporation\r\n\r\nFor more details on the impact of the July 2007 CPU on Oracle E-Business\r\nSuite implementations, see Integrigy's analysis of the CPU at -\r\n\r\nhttp://www.integrigy.com/oracle-cpu-july-2007\r\n\r\nIntegrigy has included checks for these vulnerabilities in AppSentry, a\r\nvulnerability scanner for Oracle Applications, and AppDefend, an application\r\nintrusion prevention system for Oracle Applications.\r\n\r\nFor more information or questions regarding these vulnerabilities or\r\nremediation steps, please contact us at alerts@integrigy.com.\r\n", "edition": 1, "modified": "2007-07-24T00:00:00", "published": "2007-07-24T00:00:00", "id": "SECURITYVULNS:DOC:17584", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17584", "title": "Oracle E-Business Suite - Multiple Vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:26", "bulletinFamily": "software", "cvelist": ["CVE-2007-3866", "CVE-2007-3867", "CVE-2007-0270", "CVE-2007-3865", "CVE-2007-3855", "CVE-2007-0272"], "description": "DBMS_DRS.GET_PROPERTY and MDSYS.MD buffer overflow, crossite scripting, privilege escalation with views.", "edition": 1, "modified": "2007-07-24T00:00:00", "published": "2007-07-24T00:00:00", "id": "SECURITYVULNS:VULN:7942", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7942", "title": "Oracle multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 8.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:COMPLETE/A:COMPLETE/"}}]}
