Oracle E-Business Suite Techstack Flaw Lets Remote Users Partially Access Data
|
SecurityTracker Alert ID: 1029191 |
SecurityTracker URL: http://securitytracker.com/id/1029191
|
CVE Reference: CVE-2013-5792
|
Date: Oct 16 2013
|
Impact:
Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 12.1
|
Description:
A vulnerability was reported in Oracle E-Business Suite. A remote user can exploit a flaw in the Techstack component to partially access data.
The following researchers reported these and other Oracle vulnerabilities:
Adam Gowdiak of Security Explorations; Adam Willard of Foreground Security; Adi Ludmer of McAfee Labs; Ajinkya Patil of AVsecurity.in; Alex Kouzemtchenko of Security Research Lab via CERT/CC; Alex Rajan of Network Intelligence; Alexander Polyakov of ERPScan; Alexander Tlyapov of Positive Technologies; Alexey Osipov of Positive Technologies; Alexey Tyurin of ERPScan (Digital Security Research Group); Anagha Devale-Vartak of AVsecurity.in; Andrea Micalizzi aka rgod, working with HP's Zero Day Initiative; Andrew Davies formerly of NCC Group; Ben Murphy via HP's Zero Day Initiative; CERT/CC; Chris Ries via the Exodus Intelligence Program; Dave Bryant of Orion Health; Dmitry Sklyarov of Positive Technologies; Esteban Martinez Fayo formerly of Application Security Inc.; HUAWEI PSIRT; James Forshaw of Context Information Security; Jeroen Frijters; Jon Passki of Security Research Lab via CERT/CC; Juraj Somorovsky of Ruhr-University Bochum; Manuel Garcia Cardenas of Internet Security Auditors; Positive Research Center (Positive Technologies Company); Qinglin Jiang formerly of Application Security Inc; Rohan Stelling of BAE Systems Detica; Sam Thomas of Pentest Limited; Timur Yunusov of Positive Technologies; Tom Parker of Orion Health; Travis Emmert via iDefense; Vinesh N. Redkar; Will Dormann of CERT/CC; and Yuki Chen of Trend Micro.
|
Impact:
A remote user can partially access data.
|
Solution:
The vendor has issued a fix as part of Oracle Critical Patch Update Advisory - October 2013.
The vendor's advisory is available at:
http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
|
Vendor URL: www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
|
Cause:
Not specified
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), UNIX (Tru64), Windows (NT), Windows (2000), Windows (2003), Windows (XP)
|
|
Message History:
None.