Oracle E-Business Suite HTTP Unauthenticated Multiple Unspecified Input Manipulation Issues

2005-07-12T10:29:54
ID OSVDB:18051
Type osvdb
Reporter Stephen Kost ()
Modified 2005-07-12T10:29:54

Description

Vulnerability Description

Oracle E-Business Suite contains several unspecified flaws related to the HTTP server that may allow a remote attacker to compromise the integrity and/or confidentiality of a server via SQL injection or parameter manipulation. No further details have been provided.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch (Critical Patch Update - July 2005) to address this vulnerability.

Short Description

Oracle E-Business Suite contains several unspecified flaws related to the HTTP server that may allow a remote attacker to compromise the integrity and/or confidentiality of a server via SQL injection or parameter manipulation. No further details have been provided.

References:

Vendor Specific Advisory URL Security Tracker: 1014466 Secunia Advisory ID:15991 Secunia Advisory ID:16121 Other Advisory URL: http://www.integrigy.com/alerts/OraCPU0705.htm Other Advisory URL: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA04-245A.html Keyword: APPS15 ISS X-Force ID: 21348 Generic Informational URL: http://www.eweek.com/article2/0,1895,1836304,00.asp CERT VU: 613562 Bugtraq ID: 14238