CVE-2008-5446 - Multiple vulnerabilities in Oracle January 2009 Critical Patch Update
Summary
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10 CU2 and 12.0.6 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is related to unrestricted guest access to the "About Us Page" in the Oracle Applications Framework (OAF), which allows attackers to obtain sensitive system and application environment information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Saint
BID | Description | ID | OSVDB | Title | Type |
---|---|---|---|---|---|
33177 | Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow | database_oracle_backupndmpbo,database_oracle_backupver | 51340 | oracle_secure_backup_ndmp_clientauth | remote |
33177 | Oracle Secure Backup login.php ora_osb_lcookie command execution | database_oracle_backupver | 51343 | oracle_secure_backup_login_lcookie | remote |
33177 | Oracle WebLogic Server IIS Connector JSESSIONID buffer overflow | | | weblogic_iis_connector_jsessionid | remote |
33177 | Oracle Secure Backup login.php rbtool command injection | database_oracle_backupver | 51342 | oracle_secure_backup_login_rbtool | remote |
33177 | Oracle Database OLAP component ODCITABLESTART buffer overflow | database_oracle_version | 51347 | oracle_olap_odcitablestart | remote |
References
- http://secniche.org/papers/orabs.pdf
- http://secunia.com/advisories/33525
- http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html
- http://www.securityfocus.com/archive/1/500171/100/0/threaded
- http://www.securityfocus.com/bid/33177
- http://www.securitytracker.com/id?1021568
- http://www.vupen.com/english/advisories/2009/0115