A potential security vulnerability has been discovered in the Oracle Files component that ships with Oracle Collaboration Suite Release 1. A knowledgeable and malicious user of Oracle Files can potentially access restricted content. In the Oracle Files component that ships with Oracle Collaboration Suite Release 1, Oracle WebCache has default cacheability rules for the following types of files: js, html, pdf, bmp/png, and jpg/jpeg. Releases previous to Oracle Files Release 126.96.36.199.6 did not override these cacheability rules. Interactions with the Oracle Files component and these rules can lead to the unauthorized access of restricted content by any user of Oracle Files.
- Oracle Files Release 188.8.131.52.x
- Oracle Files Release 184.108.40.206.0
- Oracle Files Release 220.127.116.11.x
NOTE: Oracle Files Release 18.104.22.168.x and later releases are not affected. Ebusiness Suite is not affected.
The article continues at http://otn.oracle.com/deploy/security/pdf/2003alert60.pdf