"Integrigy has detected multiple, highly critical vulnerabilities in Oracle E-Business Suite and Oracle Applications. Immediate patching is the only answer since, as Oracle itself puts it, “any user with browser access and specialised...
SearchOracle - Oracle: Users should patch flaws ASAP
"The three vulnerabilities were discovered more than a month ago by Stephen Kost of Integrigy Corp., a Chicago-based security consulting company specializing in customer relationship management (CRM) applications."
The link address...
Security Wire - High-risk Vulnerabilities in Oracle E-Business Suite
"Stephen Kost, CTO of security software and services provider Integrigy, has discovered an exploitable buffer-overflow vulnerability in Oracle's E-Business Suite Applications Web Report Review (FNDWRR) program used to view reports and...
SANS Critical Vulnerability Analysis Vol. 2. No. 29
"The FNDWRR.exe CGI program is a component of the Oracle Applications and E-Business Suite products, and allows web-based viewing of reports and log data. This program contains a buffer overflow vulnerability in handling overlong URLs...
InternetNews - Oracle Plugs Three Security Holes
"That hole, discovered by researchers Integrigy, affects the Oracle E-Business Suite 11i and Oracle Applications 11.x through 11i. The company said the problem existed in the "aoljtest.jsp" script which is part of the OA Framework...
InternetNews - Oracle Plugs Three Security Holes
"That hole, discovered by researchers Integrigy, affects the Oracle E-Business Suite 11i and Oracle Applications 11.x through 11i. The company said the problem existed in the "aoljtest.jsp" script which is part of the OA Framework...
ComputerWeekly - Oracle warns of flaws in E-Business suite
"Part of E-Business Suite's Oracle Applications Self-Service Framework (OA Framework), the Setup Test Suite, is installed on all Oracle 11i web and forms servers and is used to verify the installation and configuration of the OA...
ComputerWorld - Oracle warns of security flaws
"One of the flaws is a buffer overflow vulnerability in an E-Business Suite component called FNDWRR that could let an attacker cause that program to crash, Oracle said. FNDWRR is a Common Gateway Interface program that lets customers view...
- Read more about ComputerWorld - Oracle warns of security flaws
- Log in to post comments
SANS Critical Vulnerability Analysis Vol. 2. No. 15
"The Oracle E-Business Suite Report Review Agent (RRA) contains a vulnerability that allows remote attackers to read sensitive data on Oracle Applications Concurrent Manager servers, including password files."
The link address is:...