• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle Configurator System Information Leak Vulnerability

An issue has been discovered in Oracle Configurator, which could allow a remote user to gain knowledge of sensitive system information.

This issue is achievable when submitting certain requests to the 'oracle.apps.cz.servlet.UiServlet' servlet. The host can be led to reveal the version, hostname and port information.

This information can be used to assist in further attacks against the host.