CVE-2003-1116

The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1116
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / e-business_suite	11.3	11.3.x
oracle / e-business_suite	11.1	11.1.x
oracle / e-business_suite	11.0	11.0.x
oracle / e-business_suite	11.6	11.6.x
oracle / e-business_suite	11.2	11.2.x
oracle / e-business_suite	11.8	11.8.x
oracle / e-business_suite	10.7	10.7.x
oracle / e-business_suite	11.5	11.5.x
oracle / e-business_suite	11.4	11.4.x
oracle / e-business_suite	11.7	11.7.x

http://marc.info/?l=bugtraq&m=105012832418415&w=2
http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf
http://securitytracker.com/id?1006550
http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm
http://www.kb.cert.org/vuls/id/168873
http://www.securityfocus.com/bid/7325
https://exchange.xforce.ibmcloud.com/vulnerabilities/11768

Vulnerability Database

289,784

CVE-2003-1116