Security Flaw Discovered in Oracle E-Business Suite @ JDJ
2008-05-01 06:14
An unauthenticated user who has specialized knowledge and browser access to a Web server hosting the E-Business Suite application can exploit vulnerabilities, says a top-level security alert from Oracle this week (Oracle.com/deploy/Security/pdf/2004alert67.pdf).
Oracle Security Alert 67 declares that, without a patch issued by Oracle, Oracle E-Business Suite 11i and Oracle Applications 11.0 packages are subject to multiple SQL injection flaws that could be used to manipulate database entries.
Oracle shops with internet-facing application servers are particularly at risk, says the security tools firm Integrigy (integrigy.com/alerts/oraappssqlinjection.htm), which describes the vulnerabilities as follows:
"Integrigy has discovered multiple SQL injection vulnerabilities in almost all supported versions of Oracle Applications (11.0 and 11i).
Because Oracle Applications 11i installs code for all product modules, all Oracle Applications 11i customers are vulnerable to these SQL injection issues.
A SQL injection vulnerability allows an attacker to execute SQL statements or database functions by inserting SQL code fragments into input fields of a web page. Due to the design of Oracle Applications, a SQL injection attack can easily and effectively compromise the entire database and application." Oracle has released a patch for Oracle Applications 11.0 and the Oracle E-Business Suite 11i to correct these vulnerab