Forceful Browsing / Information Gathering
(Doc ID 2383606.1)
Last updated on JANUARY 15, 2019
Applies to:Oracle Financial Services Revenue Management and Billing - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
It is possible to list the content of certain directories on this application. This could allow a malicious user to locate files in the web directories that are not normally exposed through links on the web site, e.g. password files, scripts, customer information. Vulnerable Directories: http://www.site.com/folder.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document