Oracle E-Business Suite SQL owf_mgr.wf_event_html Unspecified Input Manipulation Issue

2005-07-12T10:29:54
ID OSVDB:18047
Type osvdb
Reporter Stephen Kost ()
Modified 2005-07-12T10:29:54

Description

Vulnerability Description

Oracle E-Business Suite contain an unspecified flaw related to the Oracle Net component that may allow an attacker connected with a valid session to compromise the confidentiality and/or integrity of a server via SQL injection or parameter manipulation. No further details have been provided.

Technical Description

An attacker must supply valid authentication credentials for execute on owf_mgr.wf_event_html in order to exploit this vulnerability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.

Short Description

Oracle E-Business Suite contain an unspecified flaw related to the Oracle Net component that may allow an attacker connected with a valid session to compromise the confidentiality and/or integrity of a server via SQL injection or parameter manipulation. No further details have been provided.

References:

Vendor Specific Advisory URL Security Tracker: 1014466 Secunia Advisory ID:15991 Secunia Advisory ID:16121 Related OSVDB ID: 18046 Other Advisory URL: http://www.integrigy.com/alerts/OraCPU0705.htm Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA04-245A.html Keyword: APPS04 ISS X-Force ID: 21348 Generic Informational URL: http://www.eweek.com/article2/0,1895,1836304,00.asp CERT VU: 613562 Bugtraq ID: 14238