Protection Against Oracle Reports Arbitrary File Writing
Author: Dave Lewis
For you Checkpoint users out there. There is now a SmartDefense update to managed this problem. This one of there better features available in the FW1 stable. I refer to this often as the “buying time” feature. 
Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server.
Tags: Checkpoint, FW1, Oracle
