ZDI-07-017, Joxean Koret, Apr 18, 2007

Oracle E-Business Suite Arbitrary Document Download Vulnerability

2007-04-18 00:00:00
Joxean Koret
www.zerodayinitiative.com
CVSS2: 7.8 High (AV:N/AC:L/Au:N/C:C/I:N/A:N)

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

EPSS: 0.014 Low
Percentile: 86.3%

This vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.
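
Detection logic for the ID cycling described above, as an added example that is not part of the ZDI advisory: it scans web access-log lines for clients that request many distinct numeric IDs from ADI_BINARY or ADI_DISPLAY_REPORT. The log lines, the `/pls/DAD/` path, the `doc` parameter name and the threshold are constructed assumptions; the advisory does not give the real request format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Components named in the advisory; matched anywhere in the request path.
COMPONENTS = ("ADI_BINARY", "ADI_DISPLAY_REPORT")

# Common/combined access-log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_enumerators(lines, min_ids=5):
    """Return {client: {"ids": [...], "served": n}} for clients that requested
    at least min_ids distinct numeric IDs from the ADI components."""
    ids, served = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m["target"])
        if not any(c in url.path.upper() for c in COMPONENTS):
            continue
        # Assumption: the document ID travels as a numeric query-string value;
        # the advisory does not name the parameter, so every numeric value counts.
        for _, value in parse_qsl(url.query):
            if value.isdecimal():
                ids[m["ip"]].add(int(value))
                if m["status"] == "200":  # a document was actually returned
                    served[m["ip"]].add(int(value))
    return {ip: {"ids": sorted(v), "served": len(served[ip])}
            for ip, v in ids.items() if len(v) >= min_ids}

# Constructed sample: one client walking IDs 100-105, one client re-reading a
# single document, and one unrelated request that must be ignored.
SAMPLE_LOG = [
    f'203.0.113.7 - - [18/Apr/2007:10:00:{i:02d} +0000] '
    f'"GET /pls/DAD/ADI_DISPLAY_REPORT?doc={100 + i} HTTP/1.1" {200 if i % 3 else 404} 512'
    for i in range(6)
] + [
    '198.51.100.4 - - [18/Apr/2007:10:01:00 +0000] "GET /pls/DAD/ADI_BINARY?doc=42 HTTP/1.1" 200 2048',
    '198.51.100.4 - - [18/Apr/2007:10:02:00 +0000] "GET /pls/DAD/ADI_BINARY?doc=42 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [18/Apr/2007:10:03:00 +0000] "GET /index.html?page=7 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, hit in find_enumerators(SAMPLE_LOG).items():
        print(client, hit["ids"], "documents served:", hit["served"])
```

Because the flaw needs no authentication, the client address is the only grouping key available; a `served` count above zero means documents left the server and should be treated as disclosed.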
