[
From Oracle Technology Network]
A potential security vulnerability has been discovered in the Oracle Files component that ships with
Oracle Collaboration Suite Release 1. A knowledgeable and malicious user of Oracle Files can
potentially access restricted content.
In the Oracle Files component that ships with Oracle Collaboration Suite Release 1, Oracle
WebCache has default cacheability rules for the following types of files: js, html, pdf, bmp/png,
and jpg/jpeg. Releases previous to Oracle Files Release 9.0.3.3.6 did not override these
cacheability rules. Interactions with the Oracle Files component and these rules can lead to the
unauthorized access of restricted content by any user of Oracle Files.
Products Affected:
- Oracle Files Release 9.0.3.1.x
- Oracle Files Release 9.0.3.2.0
- Oracle Files Release 9.0.3.3.x
NOTE: Oracle Files Release 9.0.4.1.x and later releases are not affected. Ebusiness
Suite is
not affected.
The article continues at
http://otn.oracle.com/deploy/security/pdf/2003alert60.pdf
» 
Comment and Contribute
