- ADF Alert - Facelets Vulnerability in ADF 11g R2 and 12c. If you are running your application in ADF 11g R2 or 12c environment and using facelets - you should double check, if a source code for the facelet pages is not accessible through the URL. There is another security vulnerability in ADF 11g R2, documented here - Alert for ADF Security - JSF 2.0 Vulnerability in ADF 11g R2. Apparently this is a patch from Oracle for JSF 2.0 vulnerability and also there is a manual fix. However neither patch or manual fix are not applied by default, potentially your source code could be exposed for public access. This is why I post it on the blog - for all ADF users to be aware.
- Download - VulnerabilityTestCase_v2.zip
No comments:
Post a Comment