Intrusion Prevention

Oracle.EBusiness.Suite.Arbitrary.Node.Deletion

Description

Oracle E-Business Suite has an Arbitrary Node Deletion vulnerability. A remote attacker could delete any existing Document Management node on vulnerable installations of Oracle E-Business Suite by sending a specially crafted HTTP request.

Affected Products

Oracle E-Business Suite.

Impact

Data deletion.

Recommended Actions

Apply patch, available from the Web site.
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html

CVE References

CVE-2007-2170

Other References

ZDI-07-016