Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Imperva Discovers Oracle Flaw in Patch

FOSTER CITY, Calif. -- WHO: Imperva Application Defense Center (ADC)

WHAT: Discovered a Cross Site Scripting (XSS) vulnerability that affects
the Oracle E-Business Suite (EBS). This vulnerability can be exploited for stealing sensitive data and executing Phishing attacks. More specifically, data can be stolen from users of the business suite, whether they are employees of the organization that deploys EBS or partners that access it in a self-service mode. Oracle released a Critical Patch Update today that addresses this vulnerability and others. Imperva SecureSphere Database Security Gateway and Web Application Firewall appliances automatically protect Oracle products against this flaw until it is patched. These protection capabilities are outlined in the Imperva Security Advisory entitled "Oracle EBS - XSS Vulnerability".

WHERE: The Oracle Critical Patch Update is located at:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/...
ul2007.html
The Imperva Security Advisory is available at:
http://www.imperva.com/application_defense_center/papers/oracle-ebs-0717...
.html

WHEN: Oracle released the Critical Patch Update today, July 17th, 2007.

HOW: ADC conducts ongoing research into database security issues, and
discovered this vulnerability during an in-depth analysis of Oracle E- Business Suite. ADC's research findings are used to enhance the SecureSphere product line with next generation attack detection and protection features.

Imperva Inc.