PT-2003-2070 · Oracle · Report Review Agent

Stephen Kost · Published 2003-12-31 · Updated 2017-07-11 · CVE-2003-1116

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Oracle E-Business Suite versions 10.7, 11.0, 11.5.1 through 11.5.8

Description

The issue allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener. This is due to a flaw in the communications protocol for the Report Review Agent (RRA), also known as the FND File Server (FNDFS) program.

Recommendations

For Oracle E-Business Suite versions 10.7, 11.0, and 11.5.1 through 11.5.8, consider restricting access to the TNS Listener to minimize the risk of exploitation. As a temporary workaround, restrict the use of the RRA protocol until a patch is available. Avoid using the vulnerable protocol to access sensitive information from the Oracle Applications Concurrent Manager until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2003-1116

Affected Products

FND File Server
Oracle Applications Concurrent Manager
Oracle E-Business Suite
Report Review Agent
TNS Listener