CVE-2014-6271 and CVE-2014-7169 on servers running Oracle Weblogic with Forms and Reports Servers
Hi All,
Our Oracle Weblogic is running in Redhat 6 with GNU bash, version 4.1.2
We just update the bash on our oracle WL server to address the subject vulnerability.
After that, users reported that their forms CANNOT call Oracle Reports any more. I have test to call report directly using URL and it's OK. It means that report server is OK. The problem is only when users use Oracle Form to call Oracle Report. This process is hang forever and I check in Oracle Report showjob , there is no job hanging.
http://report_server_name:8888/reports/rwservlet/showjobs?server=rep_test