Oracle9i Application Server Portal Component SQL Injection

2003-11-04T05:08:52
ID OSVDB:2763
Type osvdb
Reporter OSVDB
Modified 2003-11-04T05:08:52

Description

Vulnerability Description

Oracle 9i Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when user input is not validated, which will disclose user information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.

Short Description

Oracle 9i Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when user input is not validated, which will disclose user information resulting in a loss of confidentiality.

References:

Vendor Specific Solution URL: http://metalink.oracle.com/ Vendor Specific Advisory URL Secunia Advisory ID:10130 Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0032.html ISS X-Force ID: 13593 Bugtraq ID: 8966