PT-2006-6079 · Oracle · Oracle E-Business Suite/Applications+2

Alexander Kornbrust · Published 2006-10-18 · Updated 2018-10-17 · CVE-2006-5359

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Oracle Application Server versions 9.0.4.3 and 10.1.2.0.2
Oracle E-Business Suite and Applications version 11.5.10CU2

Description

The issue concerns multiple unspecified vulnerabilities in the Oracle Reports Developer component. These vulnerabilities have unknown impact and can be exploited remotely. The vulnerabilities are reportedly related to showenv and parsequery for one issue, and cellwrapper and delimiter for another.

Recommendations

For Oracle Application Server versions 9.0.4.3 and 10.1.2.0.2, consider restricting access to the Oracle Reports Developer component until a fix is available. For Oracle E-Business Suite and Applications version 11.5.10CU2, avoid using the showenv and parsequery functions, as well as the cellwrapper and delimiter functions, in the Oracle Reports Developer component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2006-5359

Affected Products

Oracle Application Server
Oracle E-Business Suite/Applications
Oracle Reports Developer