Summary
Oracle E-Business Suite/Oracle Forms is prone to a remote security vulnerability in Oracle Applications Technology Stack.
Impact
The vulnerability can be exploited over the HTTP protocol. The Oracle Forms sub-component is affected.
Solution
Updates are available.
Insight
Oracle Forms 10g contains code that does not properly validate user input.
Affected
This vulnerability affects the following supported versions:
- Oracle E-Business Suite 12..6, 12.1.3, 12.2.2, 12.2.3, 12.2.4
- Oracle Forms 10g
Detection
Send a specially crafted HTTP GET request and check the response.
Severity
Classification
- CVE: CVE-2014-4278
- CVSS Base Score: 7.5
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P