Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs SecuriTeam™ in Your Inbox   E-mail this CVE-2011-2317 to a friend New vulnerability? New tool? Tell us	CVE-2011-2317 Oracle JDEdwards EnterpriseOne Tools Arbitrary File Upload Vulnerability     Credit: The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2317 The original article can be found at: http://www.securityfocus.com/bid/51456/discuss Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    CVE-2011-2317 Details Check for CVE-2011-2317 Vulnerability Assessment and Management. Automated Pen Testing for 50 to 50,000 nodes beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  *Oracle JD Edwards EnterpriseOne Server 9.0  *Oracle JD Edwards EnterpriseOne 8.95 _F1  *Oracle JD Edwards EnterpriseOne 8.95 _B1  *Oracle JD Edwards EnterpriseOne 8.94 _Q1  *Oracle JD Edwards EnterpriseOne 8.98.4.1  *Oracle JD Edwards EnterpriseOne 8.98  *Oracle JD Edwards EnterpriseOne 8.97  *Oracle JD Edwards EnterpriseOne 8.96  *Oracle JD Edwards EnterpriseOne 8.95.J1  *Oracle JD Edwards EnterpriseOne 8.95  *Oracle JD Edwards EnterpriseOne 8.9 GA Oracle JD Edwards EnterpriseOne Tools is prone to a Arbitrary File Upload vulnerability The vulnerability can be exploited over the 'JDENET' protocol. The 'Enterprise Infrastucture SEC (JDNET)' sub component is affected. Exploiting this issue can allow an attacker to upload arbitrary code and run it in the context of the webserver process. Vendor Status: Orcale had since issued an update for this vulnerability Patch Availability: http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html CVE Information: CVE-2011-2317 Disclosure Timeline: 2012-January-23 Rev 3. Updated JD Edwards information for One World Tools SP24 2012-January-18 Rev 2. Updated credit information 2012-January-17 Rev 1. Initial Release  Comments on CVE-2011-2317:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Copyright © 1998-2010 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®