Imperva Discovers Oracle Flaw in Patch

FOSTER CITY, Calif. -- WHO:Imperva Application Defense Center (ADC)

WHAT:Discovered a Cross Site Scripting (XSS) vulnerability that affectsthe Oracle E-Business Suite (EBS). This vulnerability can be exploited for stealing sensitive data and executing Phishing attacks. More specifically, data can be stolen from users of the business suite, whether they are employees of the organization that deploys EBS or partners that access it in a self-service mode. Oracle released a Critical Patch Update today that addresses this vulnerability and others. Imperva SecureSphere Database Security Gateway and Web Application Firewall appliances automatically protect Oracle products against this flaw until it is patched. These protection capabilities are outlined in the Imperva Security Advisory entitled "Oracle EBS - XSS Vulnerability".

WHERE:The Oracle Critical Patch Update is located at:http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2007.htmlThe Imperva Security Advisory is available at:http://www.imperva.com/application_defense_center/papers/oracle-ebs-07172007.html

WHEN:Oracle released the Critical Patch Update today, July 17th, 2007.

HOW:ADC conducts ongoing research into database security issues, anddiscovered this vulnerability during an in-depth analysis of Oracle E- Business Suite. ADC's research findings are used to enhance the SecureSphere product line with next generation attack detection and protection features.

Imperva Inc.