Oracle warns of security flaws

Oracle has warned of two serious security vulnerabilities in its E-Business Suite product.

If left unattended, the software vulnerabilities could enable an attacker to run malicious code on an E-Business Suite server or view product configuration information.

A buffer overflow vulnerability in an E-Business Suite component called FNDWRR could let an attacker cause that program to crash, Oracle said.

FNDWRR is a common gateway interface (CGI) program that lets customers view Oracle reports and log files through a Web browser, according to an alert released by Integrigy, a security research firm that discovered the vulnerabilities.

Attackers could use a Web browser and specially crafted Uniform Resource Locators (URLs) to create a buffer overflow, crippling FNDWRR.

Attacks against FNDWRR would not disable the E-Business Suite product, Oracle said.

But Integrigy warned that the vulnerabilities could allow attackers to run malicious code on the server running E-Business Suite.
