
secniche


Advisory: Oracle E-Business Suite Sensitive Information Disclosure Vulnerability

Version Affected:

Oracle E-Business Suite Release 12, version 12.0.6

Oracle E-Business Suite Release 11i, version 11.5.10.2

 

CVE:

2008-5446

 

Description:

Oracle E-Business Suite, including applications such as iRecruitment, is vulnerable to a flaw that discloses sensitive information about the deployment of the Oracle application and server in a production environment. The flaw lies in the E-Business Suite's own code, which allows a malicious user to obtain sensitive information through the “About Us Page” (shipped with E-Business Suite) because the page allows guest access. In addition, the attacker is given straightforward access to all of this information, which provides a potential attack surface for mounting more serious attacks.

 

The severity is higher because of the type of information that is revealed. The exposure can be considered in two deployment scenarios:

 

1. If the application is hosted on the Internet with an external interface.

2. If the application is hosted in an organization's production environment.

 

Proof of Concept: Refer to the whitepaper for detailed information.

Oracle E-Business Flaw Whitepaper

 

Detection:

SecNiche confirmed that this vulnerability affects the Oracle versions listed above.

 

Disclosure Timeline:

Disclosed: 25 Sept 2008

Reply: 26 Sept 2008

Oracle Fix and Release Date: 13 January 2009

 

Vendor Response:

Oracle acknowledges this vulnerability, and a fix has been released in the critical advisory update of 13 January 2009.

 

Oracle Critical Patch Update: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html

 

Credit:

Oracle credited Aditya K Sood for discovering this vulnerability.

 

Disclaimer:

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no representations or warranties, either express or implied, by or with respect to anything in this document, and the author shall not be liable for any implied warranties of merchantability or fitness for a particular purpose or for any indirect, special or consequential damages.
