Forceful Browsing / Information Gathering
(Doc ID 2383606.1)
Last updated on DECEMBER 04, 2019
Applies to:
Oracle Financial Services Revenue Management and Billing - Version 2.4.0.1.0 and laterInformation in this document applies to any platform.
Purpose
It is possible to list the content of certain directories on this application. This could allow a malicious user to locate files in the web directories that are not normally exposed through links on the web site, e.g. password files, scripts, customer information. Vulnerable Directories: http://www.site.com/folder.
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Purpose |
Details |