Ensure Oracle E-Business Suite is patched against CVE-2022-21587 .
Attackers use a specially crafted ZIP file (often named hax.zip in security write-ups) to bypass directory restrictions. Mechanism: The system accepts a uuencoded file. hAX.zip
Security researchers often structure this ZIP file to exploit the extraction process: hAX.zip
Help you has been targeted by this exploit? Oracle CVE-2022-21587 Technical Analysis - Zybnev Sergey hAX.zip
Once decoded, the resulting ZIP file is extracted by the server.
Restrict write permissions on web-accessible directories to prevent the execution of uploaded scripts.
The vulnerability exists in the BneMultipartRequest class, which handles file uploads for the Oracle Web Applications Desktop Integrator (Web ADI). Arbitrary File Upload leading to RCE.
