Vulnerability Description
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | E-Business Suite | 10.7 |
References
- http://marc.info/?l=bugtraq&m=105012832418415&w=2
- http://otn.oracle.com/deploy/security/pdf/2003alert53.pdfPatchVendor Advisory
- http://securitytracker.com/id?1006550Patch
- http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm
- http://www.kb.cert.org/vuls/id/168873Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/7325Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11768
- http://marc.info/?l=bugtraq&m=105012832418415&w=2
- http://otn.oracle.com/deploy/security/pdf/2003alert53.pdfPatchVendor Advisory
- http://securitytracker.com/id?1006550Patch
- http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm
- http://www.kb.cert.org/vuls/id/168873Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/7325Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11768
FAQ
What is CVE-2003-1116?
CVE-2003-1116 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authen...
How severe is CVE-2003-1116?
CVE-2003-1116 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1116?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle E-Business Suite.