I am pleased to announce the availability of the Allowed Redirects security feature for Oracle E-Business Suite 12.1.3. The Allowed Redirects feature is available for Oracle E-Business Suite 12.1.3 with Patch 30110924.
What protection is provided with Allowed Redirects?
The HTTP response status code “302 Found” is a common method for redirecting a client to another URL. Client redirects whose target can be influenced by the requester are a potential attack vector (an open redirect), because a link on a trusted host can be made to send the user somewhere else. The Oracle E-Business Suite Allowed Redirects feature lets you define a whitelist of allowed redirect targets for your Oracle E-Business Suite 12.1.3 environment.
When the Allowed Redirects feature is enabled, redirects to sites that are not configured in your whitelist are forbidden. This provides defense against unknown and potentially damaging sites. The following is an example of an attack that the Allowed Redirects feature will prevent if properly configured:
Note: Allowed Redirects will only block navigation to sites that happen via client redirects. It is not intended to prevent other methods for accessing external sites.
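To make the allowlist rule concrete, here is an added example of checking a redirect target against a whitelist of hosts before it is placed in a 302 Location header. It is not Oracle's code and does not show how Patch 30110924 implements the feature; the allowed hosts and sample targets are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only external hosts a
# redirect may point to. Same-site relative paths are always permitted.
ALLOWED_HOSTS = {"ebs.example.com", "sso.example.com"}


def redirect_allowed(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True if `target` is acceptable as a 302 Location value."""
    # Control characters (including CR/LF) must never reach a header.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/" in the authority, so "/\host" would be
    # read as scheme-relative "//host". Normalize before parsing.
    normalized = target.replace("\\", "/")
    parts = urlsplit(normalized)
    # No scheme and no authority: a same-site path. Require a single
    # leading "/" so that "//host" (scheme-relative) is not mistaken for it.
    if not parts.scheme and not parts.netloc:
        return normalized.startswith("/") and not normalized.startswith("//")
    # Absolute targets must be http(s); this also rejects scheme-relative
    # URLs and schemes such as javascript: or data:.
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo ("allowed@evil") and port, and lowercases,
    # so the comparison is against the host the browser will connect to.
    host = parts.hostname
    return bool(host) and host in allowed_hosts


if __name__ == "__main__":
    # Constructed sample targets a redirect endpoint might be handed.
    for sample in ("/OA_HTML/RF.jsp",
                   "https://ebs.example.com/OA_HTML/RF.jsp",
                   "//evil.example/",
                   "https://ebs.example.com@evil.example/",
                   "https://ebs.example.com.evil.example/"):
        print(f"{'allow' if redirect_allowed(sample) else 'block':5}  {sample}")
```

The checks on scheme, authority and control characters are what distinguish a host allowlist from a naive "does the URL contain an allowed name" string match.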
Where Can I Learn More?
- Read more about the Allowed Redirects feature available in Secure Configuration for Oracle E-Business Suite Release 12.1 (MOS Note 403537.1).
- Watch the online course for the Allowed Redirects available in Oracle E-Business Suite Release 12.1 and 12.2 Transfer of Information (TOI) Online Training (Note 807319.1).
- Watch the Webinar: Secure Oracle E-Business Suite Using Features, Configuration and Certifications.
References
- FAQ: Oracle E-Business Suite Security (Note 2063486.1)
- Secure Configuration for Oracle E-Business Suite Release 12.1 (MOS Note 403537.1)