Reports and Forms Server Vulnerabilities
Posted: 20 July 2005 11:58 PM
Newbie
Rank
Total Posts:  1
Joined  2005-07-19

http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html
http://www.red-database-security.com/advisory/oracle_forms_run_any_os_command.html
http://www.red-database-security.com/advisory/oracle_reports_run_any_os_command.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
http://www.red-database-security.com/advisory/oracle_reports_various_css.html

Does anyone know if the Apps a vulnerable to these? I’m thinking so. If so, all of the fixes that are detailed will be nuked whenever you Autoconfig, anyone know a way around that other than modifying the Autoconfig templates?

Profile