|
|
CVE Reference: CVE-2007-2135 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-2135 |
|
|
Description: The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/2612 OSVDB 39959 MISC http://www.zerodayinitiative.com/advisories/ZDI-07-017.html http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/466215/100/0/threaded |
|
| Return to the previous page. |
