The Latest Oracle E-Business Suite Technology News direct from
Oracle E-Business Suite Development & Product Management

EBS Security Feature Allowed Redirects Now Available for EBS 12.1.3

Elke Phelps
Product Management Director

I am pleased to announce the availability of the Allowed Redirects security feature for Oracle E-Business Suite 12.1.3. The Allowed Redirects feature is available for Oracle E-Business Suite 12.1.3 with Patch 30110924.

What protection is provided with Allowed Redirects?

The HTTP response status code "302 Found" is a common method for redirecting a browser to another URL. Client redirects are a potential attack vector. The Oracle E-Business Suite Allowed Redirects feature lets you define a whitelist of allowed redirects for your Oracle E-Business Suite 12.1.3 environment.

When the Allowed Redirects feature is enabled, redirects to sites that are not configured in your whitelist are forbidden. This provides defense against unknown and potentially damaging sites. The following is an example of an attack that the Allowed Redirects feature will prevent if properly configured:

Your users will see an error message if a redirect is blocked by the Allowed Redirects feature:

Note: Allowed Redirects will only block navigation to sites that happen via client redirects. It is not intended to prevent other methods for accessing external sites.
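
The following Python is an added example of the kind of check a redirect whitelist implies, showing why the target host must be parsed and compared exactly rather than matched as a string. It is not Oracle's implementation or EBS configuration syntax; the host names, the HTTPS-only rule and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; not EBS configuration syntax.
ALLOWED_HOSTS = {"ebs.example.com", "sso.example.com"}
ALLOWED_SCHEMES = {"https"}  # assumption: only HTTPS targets are acceptable
REDIRECT_CODES = {301, 302, 303, 307, 308}


def redirect_allowed(location: str) -> bool:
    """Decide whether a redirect Location value points at an allowlisted site."""
    loc = location.strip()
    # Browsers read "\" as "/" and drop tabs/newlines; reject rather than guess.
    if "\\" in loc or any(ord(c) < 0x20 or ord(c) == 0x7F for c in loc):
        return False
    # Root-relative path: the browser stays on the current site.
    if loc.startswith("/") and not loc.startswith("//"):
        return True
    try:
        parts = urlsplit(loc)
        # .hostname drops userinfo and port and lowercases the name.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. an unbalanced "["
        return False
    # "//host/path" inherits the current page's scheme, assumed HTTPS here.
    scheme = parts.scheme or ("https" if loc.startswith("//") else "")
    # Exact host match only: no prefix, suffix or substring comparison.
    return scheme in ALLOWED_SCHEMES and host in ALLOWED_HOSTS


def check_response(status: int, headers: dict) -> bool:
    """True if the response may pass; False if its redirect must be blocked."""
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if status in REDIRECT_CODES and location is not None:
        return redirect_allowed(location)
    return True


# Constructed Location values covering common ways a naive check is fooled.
SAMPLES = [
    "/app/home",                                   # same site
    "https://EBS.example.com:443/app",             # allowlisted, mixed case + port
    "https://ebs.example.com@untrusted.example/",  # allowlisted name as userinfo
    "https://ebs.example.com.untrusted.example/",  # allowlisted name as prefix
    "//untrusted.example/",                        # scheme-relative
    "http://ebs.example.com/",                     # scheme downgrade
]

if __name__ == "__main__":
    for value in SAMPLES:
        print("allow" if redirect_allowed(value) else "block", value)
```
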

Where Can I Learn More?

