Oracle E-Business Suite Arbitrary Document Download Vulnerability
ZDI-07-017: April 18th, 2007CVE ID
Affected Vendors
Affected Products
-
Database Server
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4924. For further product information on the TippingPoint IPS:Vulnerability Details
This vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability.
The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.
Vendor Response
Oracle / PeopleSoft has issued an update to correct this vulnerability. More details can be found at:Disclosure Timeline
-
2007-01-29 - Vulnerability reported to vendor
2007-04-18 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:-
Joxean Koret
