Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2003-1116
Last Modified 05 Sep 2008 04:36:05
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1116

Summary

The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.

Vulnerable Systems

Application

  • Oracle E-business Suite 10.7

  • Oracle E-business Suite 11.0

  • Oracle E-business Suite 11.1

  • Oracle E-business Suite 11.2

  • Oracle E-business Suite 11.3

  • Oracle E-business Suite 11.4

  • Oracle E-business Suite 11.5

  • Oracle E-business Suite 11.6

  • Oracle E-business Suite 11.7

  • Oracle E-business Suite 11.8


References

CERT-VN - VU#168873

BID - 7325

SECTRACK - 1006550

CONFIRM - http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf

XF - oracle-rra-authentication-bypass(11768)

MISC - http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm

BUGTRAQ - 20030411 Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability


Last Updated: 27 May 2016 10:38:14