Title: Oracle Forms Services Unauthorized Form Execution Vulnerability
Severity: MODERATE
Description:
Oracle Forms Services is a service designed to provide the framework to create enterprise database applications. It supports a Web interface for ease of access.
Oracle Forms report files (.fmx files) can execute arbitrary operating-system commands through triggers defined within the form.
Oracle Forms Services is susceptible to an unauthorized form execution vulnerability.
This issue presents itself in the Web interface of Oracle Forms. The 'form' and 'module' parameters of 'f90servlet' improperly allow attackers to specify absolute pathnames for forms.
By placing a form file in a globally accessible location, users can trigger the execution of the form by issuing an HTTP GET request to the affected servlet containing the full path of the file.
Attackers may exploit this vulnerability to execute arbitrary commands with the privileges of the Oracle account under which the server is executing.
This issue may also be exploited remotely, without local access, if an attacker has some means of writing files to the serving computer (for example WebDAV, FTP or CIFS).
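The following is an added defender-side example, not code from Juniper Networks, Oracle or Red-Database-Security. It shows the two checks a practitioner would want from the description above: an input policy that accepts only a bare module name for the 'form'/'module' parameters (rejecting absolute, drive-letter, UNC and parent-directory references) and an audit routine that applies the same policy to Web server access-log lines for requests to 'f90servlet'. The servlet path prefix `/forms90/f90servlet`, the combined-log-format lines, the forms directory `/opt/oracle/forms` and every client address are constructed assumptions for illustration.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# A legitimate form reference is a bare module name, optionally with its .fmx suffix.
SAFE_MODULE = re.compile(r"^[A-Za-z0-9_\-]+(?:\.fmx)?$")

# Request parameters that the advisory says may carry absolute pathnames.
PATH_PARAMS = ("form", "module")

# Minimal combined-log-format parser: client, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def classify_form_reference(value: str) -> Optional[str]:
    """Return a reason the value is NOT a bare module name, or None if it is acceptable."""
    if "\x00" in value:
        return "null byte"
    if SAFE_MODULE.fullmatch(value):
        return None
    norm = value.replace("\\", "/")          # treat Windows and POSIX separators alike
    if norm.startswith("/"):                  # also covers UNC paths (\\server\share -> //server/share)
        return "absolute path"
    if re.match(r"^[A-Za-z]:/", norm):
        return "drive-letter path"
    if ".." in norm.split("/"):
        return "parent-directory traversal"
    if "/" in norm:
        return "path separator"
    return "unexpected characters"


def resolve_module(value: str, forms_dir: str = "/opt/oracle/forms") -> str:
    """Hardened lookup: validate first, then join the bare name onto the configured forms directory
    (forms_dir is an assumed location), so the request can never name a file outside it."""
    reason = classify_form_reference(value)
    if reason:
        raise ValueError(f"rejected form reference {value!r}: {reason}")
    name = value if value.lower().endswith(".fmx") else value + ".fmx"
    return posixpath.join(forms_dir, name)


def audit_access_log(lines, servlet_name: str = "f90servlet"):
    """Flag requests to the Forms servlet whose form/module parameter is not a bare module name."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.group(1), m.group(2), m.group(3), int(m.group(4))
        parts = urlsplit(target)
        if not parts.path.lower().endswith(servlet_name):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes %2F etc.
        for name in PATH_PARAMS:
            for value in params.get(name, []):
                reason = classify_form_reference(value)
                if reason:
                    findings.append({"client": client, "method": method, "param": name,
                                     "value": value, "reason": reason, "status": status})
    return findings


# Constructed sample log lines (addresses, timestamps and file names are invented).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2005:10:15:01 +0000] "GET /forms90/f90servlet?form=orders.fmx HTTP/1.1" 200 1532',
    '10.0.0.9 - - [12/Mar/2005:10:15:07 +0000] "GET /forms90/f90servlet?form=/tmp/upload/dropped.fmx HTTP/1.1" 200 1532',
    '10.0.0.9 - - [12/Mar/2005:10:15:09 +0000] "GET /forms90/f90servlet?module=C:\\Inetpub\\wwwroot\\x.fmx HTTP/1.1" 200 2048',
    '10.0.0.7 - - [12/Mar/2005:10:16:00 +0000] "GET /forms90/f90servlet?form=..%2F..%2Ftmp%2Fx.fmx HTTP/1.1" 200 1532',
    '10.0.0.3 - - [12/Mar/2005:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for f in audit_access_log(SAMPLE_LOG):
        print(f"{f['client']} {f['param']}={f['value']!r}: {f['reason']} (HTTP {f['status']})")
```

A `200` status on a flagged line is the signal to treat seriously: it means the servlet served the form rather than rejecting the path, so the referenced file should be located and examined. The same `classify_form_reference` policy can sit in front of the servlet (a reverse-proxy rule or an input filter) to refuse such requests outright.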
Affected Products:
- Oracle Forms And Reports 0.0.010g
- Oracle Forms And Reports 0.0.06i
- Oracle Forms And Reports 0.0.09i
- Oracle Forms And Reports 4.5.10.22
- Oracle Forms And Reports 5.0.0
- Oracle Forms And Reports 6.0.8.25
References:
- Oracle: Oracle Homepage
- Red-Database-Security GmbH: Run any OS Command via unauthorized Oracle Forms
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.