PT-2003-1762 · Oracle · Oracle E-Business Suite

Stephen Kost · Published 2003-08-02 · Updated 2016-10-18 · CVE-2003-0633

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 11.5.1 through 11.5.8
Description: Multiple vulnerabilities in aoljtest.jsp, part of the Oracle Applications AOL/J Setup Test Suite, allow a remote attacker to obtain sensitive information without authentication, including the GUEST user password and the application server security key.
Recommendations: For Oracle E-Business Suite versions 11.5.1 through 11.5.8, consider restricting access to the aoljtest.jsp page until a fix is available. As a temporary workaround, limit the exposure of sensitive information by implementing additional authentication measures for accessing the GUEST user password and the application server security key. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2003-0633

Affected Products

Oracle E-Business Suite