Oracle warns of security flaws

Oracle has warned of two serious security vulnerabilities in its E-Business Suite product.

If left unattended, the software vulnerabilities could enable an attacker to run malicious code on an E-Business Suite server or view product configuration information.

A buffer overflow vulnerability in an E-Business Suite component called FNDWRR could let an attacker cause that program to crash, Oracle said.

FNDWRR is a common gateway interface (CGI) program that lets customers view Oracle reports and log files through a Web browser, according to an alert released by Integrigy, a security research firm that discovered the vulnerabilities.

Attackers could use a Web browser and specially crafted Uniform Resource Locators (URLs) to create a buffer overflow, crippling FNDWRR.

Attacks against FNDWRR would not disable the E-Business Suite product, Oracle said.

But Integrigy warned that the vulnerabilities could allow attackers to run malicious code on the server running E-Business Suite.
