2 matches found
Oracle BPEL Process Manager ScriptServlet Information Disclosure (CVE-2013-3828)
A directory traversal vulnerability has been reported in Oracle BPEL Process Manager. The vulnerability is due to insufficient input validation in ScriptServlet when processing HTTP request parameters. A remote unauthenticated attacker can leverage this vulnerability to obtain sensitive informati...
CVE-2013-3828
CVE-2013-3828 affects Oracle Fusion Middleware Web Services (Oracle BPEL Process Manager ScriptServlet) versions 10.1.3.5.0 and 11.1.1.6.0. Multiple sources describe an information-disclosure vulnerability in the Web Services Test Page’s ScriptServlet, exploitable via a crafted request that trigg...