A new paper on a security hole in Application Server Control
September 25th, 2005 by Pete
I received an email from Dirk Nachbar to let me know that he has released a new paper concerning a security hole in the Application Server Control. If you want to trace Forms sessions from the Application Server Control web front end, you have to provide a host user name and password (normally the Oracle software installation user: oracle). This information, the user name and password, will be displayed in the URL and stored in clear text in a log file. Dirk also provides a workaround for the bug that avoids this behaviour. At the moment the white paper is only available in German, but it will be available soon in English. The paper is titled "Forms tracing im Application Server Control Eine Sicherheitslucke?"
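A defender-side check for the exposure described above, as an added example that is not from this post or from Dirk Nachbar's paper: it scans web access log lines for credential-like query parameters and produces a redacted copy of each affected line. The log format (Common Log Format), the URL path and the parameter names are assumptions, since the post does not name the log file or the parameters involved.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: credential-like parameter names. The real names used by
# Application Server Control are not given in the post.
SENSITIVE = re.compile(r"pass|pwd|user|login|cred", re.I)

# Request line inside a Common/Combined Log Format entry: "METHOD URL PROTO"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_url(url):
    """Return (redacted_url, names of sensitive parameters that carried a value)."""
    parts = urlsplit(url)
    hits, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if SENSITIVE.search(name) and value:
            hits.append(name)
            value = "REDACTED"
        cleaned.append((name, value))
    if not hits:
        return url, hits
    return urlunsplit(parts._replace(query=urlencode(cleaned))), hits

def scan(lines):
    """Yield (line_number, sensitive_names, redacted_line) for exposed entries."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request entry in the assumed format
        redacted, hits = redact_url(match.group("url"))
        if hits:
            start, end = match.span("url")
            yield number, hits, line[:start] + redacted + line[end:]

# Constructed sample log lines (hypothetical path and parameter names).
SAMPLE = [
    '10.0.0.5 - - [25/Sep/2005:10:00:00 +0000] "GET /example/trace?session=42&hostUser=oracle&hostPassword=s3cret HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Sep/2005:10:00:05 +0000] "GET /example/home?tab=forms HTTP/1.1" 200 2048',
    '10.0.0.6 - - [25/Sep/2005:10:01:00 +0000] "GET /example/trace?HOSTPASSWORD=p%40ss HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for number, hits, redacted in scan(SAMPLE):
        print(f"line {number}: {', '.join(hits)} exposed -> {redacted}")
```

Any line it reports means the credential has already been written to disk, so the account's password should be changed in addition to cleaning the log.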



