Intrusion Prevention

Oracle.EBusiness.Suite.Arbitrary.Document.Download

Description

This vulnerability allows remote attackers to download any existing
document in the APPS.FND_DOCUMENTS table from vulnerable installations of
Oracle E-Business Suite. Authentication is not required to exploit this
vulnerability.

Affected Products

Oracle E-Business Suite Release 11i, versions 11.5.7 - 11.5.10 CU2
Oracle E-Business Suite Release 12, version 12.0.0

Impact

Arbitrary document download.

Recommended Actions

Please refer to http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html for the latest update.

CVE References

CVE-2007-2135

Other References

ZDI-07-017