Intrusion Prevention

Oracle.E-business.Suite.Arbitrary.File.Upload

Description

This indicates an attack attempt against an Arbitrary File Upload vulnerability in Oracle E-Business Suite.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted file upload request. A remote attacker can exploit this to execute arbitrary code within context of the affected application via a crafted file upload request

Affected Products

Oracle E-Business Suite version 12.2.4 and prior version

Impact

System Compromise: Remote attackers can execute arbitrary code in the context of the affected user

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

CVE References

CVE-2015-2652

Other References

CPUJUL2015-2367936