Advisory Details

April 18th, 2007

Oracle E-Business Suite Arbitrary Document Download Vulnerability

ZDI-07-017
ZDI-CAN-132

CVE ID CVE-2007-2135
CVSS SCORE
AFFECTED VENDORS Oracle / PeopleSoft
AFFECTED PRODUCTS Database Server
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['4924']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to download any existing document in the APPS.FND_DOCUMENTS table on vulnerable installations of Oracle E-Business Suite. Authentication is not required to exploit this vulnerability.

The specific flaw exists in the ADI_BINARY component of the E-Business Suite. The component exposes a parameter that can also be passed to ADI_DISPLAY_REPORT to allow an attacker to view any document in the APPS.FND_DOCUMENTS table. An attacker can cycle through all document IDs to display each document that exists.

ADDITIONAL DETAILS Oracle / PeopleSoft has issued an update to correct this vulnerability. More details can be found at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
DISCLOSURE TIMELINE
  • 2007-01-29 - Vulnerability reported to vendor
  • 2007-04-18 - Coordinated public release of advisory
CREDIT Joxean Koret
BACK TO ADVISORIES