Imperva Discovers and Helps Oracle Address Security Vulnerability in E-Business Suite

Business Wire, July 17, 2007

Application Defense Center Submitted Cross Site Scripting Vulnerability to Oracle; Critical Update Patch Released Today

Imperva

WHO: Imperva Application Defense Center (ADC)

WHAT: Discovered a Cross Site Scripting (XSS) vulnerability that affects the Oracle E-Business Suite (EBS). This vulnerability can be exploited for stealing sensitive data and executing Phishing attacks. More specifically, data can be stolen from users of the business suite, whether they are employees of the organization that deploys EBS or partners that access it in a self-service mode. Oracle released a Critical Patch Update today that addresses this vulnerability and others. Imperva SecureSphere Database Security Gateway and Web Application Firewall appliances automatically protect Oracle products against this flaw until it is patched. These protection capabilities are outlined in the Imperva Security Advisory entitled "Oracle EBS - XSS Vulnerability".

WHERE: The Oracle Critical Patch Update is located at: www.oracle.com/technology/deploy/security/critical -patch-updates/cpujul2007.html (Due to the length of this URL, it may be necessary to copy and paste it into your Internet browser's URL address field. You may also need to remove an extra space in the URL if one exists.)

The Imperva Security Advisory is available at: http://www.imperva.com/application_defense_center /papers/oracle-ebs-07172007.html (Due to the length of this URL, it may be necessary to copy and paste it into your Internet browser's URL address field. You may also need to remove an extra space in the URL if one exists.)

WHEN: Oracle released the Critical Patch Update today, July 17th, 2007.

HOW: ADC conducts ongoing research into database security issues, and discovered this vulnerability during an in-depth analysis of Oracle E- Business Suite. ADC's research findings are used to enhance the SecureSphere product line with next generation attack detection and protection features.

About Imperva

Imperva is the leader in application data security and compliance. Leading enterprise and government organizations worldwide rely on Imperva to prevent data theft and abuse, and ensure data integrity. The company's SecureSphere products provide data governance and protection solutions that monitor, audit and secure business applications and databases. For more information, visit www.imperva.com.

About the Imperva Application Defense Center

Imperva's independent research organization, the Application Defense Center (ADC), is internationally recognized for its leadership in security and compliance research and education. ADC research combines extensive lab work with hands-on practice in real world environments to ensure that Imperva's products have the most advanced technology, up-to-date threat protection, and practical compliance automation on the market. The ADC also regularly works with vendors of commercial business application and database products to communicate newly discovered vulnerabilities and mitigation techniques to the market in an effort to raise overall awareness and protection.