"Oracle Application Server 10g offers a comprehensive solution for developing, integrating, and deploying your enterprise's applications, portals, and Web services. Based on a powerful and scalable J2EE server, Oracle Application Server 10g provides complete business integration and business intelligence suites, and best-of-breed portal software. Oracle Application Server 10g is the only platform designed for grid computing as well as full lifecycle support for Service-Oriented Architecture (SOA)."
A vulnerable server side component allows remote access to files outside of the application's root directory with permissions of the LocalSystem process. No authentication is required.
Vulnerable Systems:
* Oracle Application Server 10g Release 3 (10.1.3.0.0)
The server side component EmChartBean is part of the Oracle Enterprise Manager 10g Application Server Control Software. EmChartBean is vulnerable to a directory traversal attack.
The vulnerability can be exploited by sending an unauthenticated http GET request. Remote access is granted to files outside of the application's root directory with permissions of the Javaw.exe process, which by default runs with LocalSystem privileges.
The server side component EmChartBean only exists at runtime, and is unpacked from a JAR file after an initial call to the login page. Thus, a single request to the login page is required before an attacker can successfully exploit the vulnerability.
Recommendation:
Follow your organization's testing procedures before applying patches or workarounds. Symantec recommends that customers should apply Oracle's update as soon as possible.
Oracle strongly recommends applying the Oracle Enterprise Manager patches released with the January 2007 Critical Patch Update to all instances affected by this problem.
