OSVDB ID: 39921

Title: Oracle PeopleSoft JD Edwards HTTP Server Browser Cache Login Credential Disclosure

Info

Disclosure
Apr 18, 2007

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 PeopleSoft JD Edwards HTML Server and OneWorld Tools contain a flaw that may lead to an unauthorized password exposure. It is possible to gain access to login credentials via an unspecified browser cache issue, which may lead to a loss of confidentiality.

Classification

 Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality, Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required, Web Related

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle Corporation has released a patch (8.96.IC For JD Edwards line, and SP23_QC for OneWorld line) to address this vulnerability.

Products

Oracle Corporation

PeopleSoft JD Edwards HTML Server

 Up to 8.96.I1

PeopleSoft OneWorld Tools

 SP23_Q1

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/39921