Oracle Business Transaction Management Server ‘deleteFile()’ Arbitrary File Deletion Vulnerability
The original article can be found at: http://www.securityfocus.com/bid/54870
The information has been provided by Jordi Chancel .
*Oracle Business Transaction Management Server ‘deleteFile()’ Arbitrary File Deletion Vulnerability
Attackers can exploit this issue with directory-traversal strings (‘../’) to delete arbitrary files; this may aid in launching further attacks.Oracle Business Transaction Management Server 188.8.131.52.7 is vulnerable; prior versions may also be affected.
Currently we are not aware of any vendor-supplied patches
Initial Release: Aug 07 2012