IGS: Vulnerability (security hole in level 3 was found)

Similar Messages

• IGS: Vulnerability "security hole in level 3"

  Hi!
  We are using SAP ERP 6.0 system with an ingetrated IGS 7.0
  We already changed IGS according to sap note 896400 to the version 7.00 (Patch 15)
  When we run scan on demand we get the following information: 
  A security hole in level 3 was found at server ServerX.
  Vulnerability-Level [highest]: 3
  Vulnerability-Level [highest counted]: 0
  Vulnerability Details
  Date: Sun 10 May 2009  1:26:13 MET
  Vuln: 300803
  Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
  ToDo: Set up a project to implement access restriction rules to RFC programs
  with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
  CertRef: M906071, SAP 30/08
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:
  Date: Sun 10 May 2009  1:26:17 MET
  Vuln#: 100806
  Vulnerability: External Server Registration is possible at sysnr 3
  ToDo: Secure remote registration of RFC programs (only possible in SAP Basis
  7.00 and later)
  CertRef: M906071
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:
  Date: Sun 10 May 2009  1:26:17 MET
  Vuln#: 101802
  Vulnerability: IGS HTTP Administration is enabled and this version has
  reported vulnerabilities at sysnr 3
  ToDo: Upgrade to a higher patch level, i.e., for BC-FES-IGS 6.40 Patch Level
  17 or higher and for  BC-FES-IGS 7.00 Patch Level 07 or higher
  CertRef: SAP 34/09
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:
  End of Vulnerability Details
  Question:
  What we have to do to avoid s security holein level 3?
  Thank you very much!
  regards

  Do you solved tye probllem below. ???  Can you help me.
  I have the same problem.
  What the format of secinfo, reginfo and what value to to profile gw/reg_no_conn_info ??
  Thanks,
  Vulnerability Details
  Date: Sun 10 May 2009 1:26:13 MET
  Vuln: 300803
  Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
  ToDo: Set up a project to implement access restriction rules to RFC programs
  with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
  CertRef: M906071, SAP 30/08
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:

• 2 level schema import: cvc-complex-type.2.4.a: Invalid content was found...

  HI
  I'm writing an application that gathers xml documents into batches, sends these batches to translation, receives them from translation and unpacks them.
  My documents are ads. I have a schema (x1.xsd) describing them. This schema imports another schema (x2.xsd). None of these are controlled by me (I need a very good reason to change them).
  I have created a new schema (x.xsd) for my batches. This schma imports the ad schema (x1.xsd).
  When I validate an example ad (x1.xml) using the ad schema (x1.xsd), validation is OK. This is the same for XML Spy, oracle.xml.schemavalidator.XSDValidator and org.dom4j.io.SAXReader
  When I validate an example batch (x.xml) with the same ad data in the batch,
  XML Spy says: Unexpected element 'AD' in element 'ADS'. Expected: AD
  oracle.xml.schemavalidator.XSDValidator says: XML-24521: (Error) Element not completed: 'ADS'org.dom4j.io.SAXReader says: cvc-complex-type.2.4.a: Invalid content was found starting with element 'AD'. One of '{"x/translation":AD}' is expected.
  By changing my batch xml by removing xmlns="x/ad" from the AD tag and prefix all "x/ad"-owned tags with ad:, I can make all validators validate.
  But I don't see the reason for this, and thus have some problems telling the supplier that we need to change the schema and xml...
  Notice that I do not have the corresponding problem in the x1.xsd / x2.xsd relationship !!??
  Any suggestions will be appreciated.
  /Jornsen
  I enclose a copy of the files mentioned above:
  x.xml:
  <TRANSLATION_BATCH batchId="8" xmlns="x/translation" xmlns:ad="x/ad" xmlns:gp="x/groups"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tl="x/translation" xsi:schemaLocation="x/translation
  C:\tmp\t.xsd">
    <LANGUAGES anattr="monoLanguageXmlAd">
      <LANG LangId="3"/>
      <LANG LangId="4"/>
    </LANGUAGES>
    <ADS>
      <AD adattr="hest" xmlns="x/ad" xmlns:gp="x/groups" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <LANGLIST>
          <LANG LangId="17"/>
        </LANGLIST>
        <ITEMLIST>
          <ITEM xmlns="x/groups" anattr="hund">
            <ITEM_INFO name="hest"/>
          </ITEM>
        </ITEMLIST>
      </AD>
    </ADS>
  </TRANSLATION_BATCH>x1.xml:
  <AD adattr="hest" xmlns="x/ad" xmlns:gp="x/groups" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="x/ad C:\tmp\t1.xsd">
    <LANGLIST>
      <LANG LangId="17"/>
    </LANGLIST>
    <ITEMLIST>
      <ITEM xmlns="x/groups" anattr="hund">
        <ITEM_INFO name="hest"/>
      </ITEM>
    </ITEMLIST>
  </AD>x.xsd:
  <xs:schema targetNamespace="x/translation" attributeFormDefault="unqualified" elementFormDefault="qualified"
  xmlns="x/translation" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tl="x/translation" xmlns:ad="x/ad">
    <xs:import namespace="x/ad" schemaLocation="t1.xsd"/>
    <xs:element name="TRANSLATION_BATCH">
      <xs:complexType>
        <xs:sequence>
          <xs:element name="LANGUAGES">
            <xs:complexType>
              <xs:sequence>
                <xs:element name="LANG" maxOccurs="unbounded">
                  <xs:complexType>
                    <xs:attribute name="LangId" type="xs:string" use="required"/>
                  </xs:complexType>
                </xs:element>
              </xs:sequence>
              <xs:attribute name="anattr" type="xs:string"/>
            </xs:complexType>
          </xs:element>
          <xs:element name="ADS">
            <xs:complexType>
              <xs:sequence>
                <xs:element name="AD" type="ad:ADType"/>
              </xs:sequence>
            </xs:complexType>
          </xs:element>
        </xs:sequence>
        <xs:attribute name="batchId" type="xs:string" use="required"/>
      </xs:complexType>
    </xs:element>
  </xs:schema>x1.xsd:
  <xs:schema targetNamespace="x/ad" attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns="x/ad"
  xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ad="x/ad" xmlns:gp="x/groups">
    <xs:import namespace="x/groups" schemaLocation="t2.xsd"/>
    <xs:element name="AD" type="ad:ADType">
    </xs:element>
    <xs:complexType name="ADType">
      <xs:sequence>
        <xs:element name="LANGLIST" type="ad:LANGLISTType">
        </xs:element>
        <xs:element name="ITEMLIST" type="gp:ITEMLISTType">
        </xs:element>
      </xs:sequence>
      <xs:attribute name="adattr" type="xs:string" use="optional"/>
    </xs:complexType>
    <xs:complexType name="LANGType">
      <xs:attribute name="LangId" type="xs:int" use="required"/>
    </xs:complexType>
    <xs:complexType name="LANGLISTType">
      <xs:sequence>
        <xs:element name="LANG" type="ad:LANGType" maxOccurs="unbounded"/>
      </xs:sequence>
    </xs:complexType>
  </xs:schema>x2.xsd:
  <xs:schema xmlns="x/groups" xmlns:xs="http://www.w3.org/2001/XMLSchema" targetNamespace="x/groups"
  elementFormDefault="qualified" attributeFormDefault="unqualified">
    <xs:complexType name="ITEMLISTType">
      <xs:sequence>
        <xs:element name="ITEM" minOccurs="0" maxOccurs="unbounded">
          <xs:complexType>
            <xs:sequence>
              <xs:element name="ITEM_INFO" maxOccurs="unbounded">
                <xs:complexType>
                  <xs:attribute name="name" type="xs:string" use="required"/>
                </xs:complexType>
              </xs:element>
            </xs:sequence>
            <xs:attribute name="anattr" type="xs:string"/>
          </xs:complexType>
        </xs:element>
      </xs:sequence>
    </xs:complexType>
  </xs:schema>Message was edited by:
  Jornsen - formatting
  Message was edited by:
  Jornsen

  Hi Linyin,
  Please refer to: http://middlewaremagic.com/weblogic/?p=2034
  The Problem is missing element <web-resource-name> in your "web.xml" file..... which must be a Unique name of your Resource set which u want to make secure.....
  <security-constraint>
  <web-resource-collection>
  *<web-resource-name>MySecureResources</web-resource-name>*
  <description>Some Description</description>
  <url-pattern>/*</url-pattern>
  <http-method>GET</http-method>
  <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
  <role-name>admin</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  </login-config>
  <security-role>
  <role-name>admin</role-name>
  </security-role>
  Thanks
  Jay SenSharma
  http://middlewaremagic.com/weblogic   (Middleware Magic Is Here)

• More than one X.509 certificate was found with the specified parameters

  Greetings All,
  We are getting an error in our application event logs every minute or so and it seems to be causing search queries to fail. Same error is appearing in the ULS logs.
  System
  Provider
  Name]
  System.ServiceModel
  4.0.0.0
  EventID
  3
  Qualifiers]
  49154
  Level
  2
  Task
  5
  Keywords
  0x80000000000000
  TimeCreated
  SystemTime]
  2014-06-25T02:30:12.000000000Z
  EventRecordID
  92894
  Channel
  Application
  Computer
  Security
  UserID]
  EventData
  System.ServiceModel.ServiceHostingEnvironment+HostingManager/63835064
  System.ServiceModel.ServiceActivationException:
  The service '/0c98374520dc4b748d92a1e51b365dce/SearchService.svc' cannot be
  activated due to an exception during compilation. The exception message is: More
  than one X.509 certificate was found with the specified parameters.. --->
  System.ArgumentException: More than one X.509 certificate was found with the
  specified parameters. at
  Microsoft.SharePoint.Utilities.CertificateManager.GetCertificate(String
  storeName, StoreLocation storeLocation, X509FindType findType, Object findValue)
  at
  Microsoft.SharePoint.Administration.SPIisWebServiceSettings.get_LocalSslCertificate()
  at Microsoft.SharePoint.SPServiceHostOperations.Configure(ServiceHostBase
  serviceHost, SPServiceAuthenticationMode authenticationMode) at
  Microsoft.Office.Server.Search.Administration.SearchServiceHostFactory.CreateServiceHost(String
  constructorString, Uri[] baseAddresses) at
  System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String
  normalizedVirtualPath, EventTraceActivity eventTraceActivity) at
  System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(ServiceActivationInfo
  serviceActivationInfo, EventTraceActivity eventTraceActivity) at
  System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String
  normalizedVirtualPath, EventTraceActivity eventTraceActivity) --- End of inner
  exception stack trace --- at
  System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String
  normalizedVirtualPath, EventTraceActivity eventTraceActivity) at
  System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String
  relativeVirtualPath, EventTraceActivity
  eventTraceActivity)
  w3wp
  6328
  Doesn't appear to affect the component health status or the crawling process, only the return of search results.
  Sorry, something went wrong.
  Search has encountered a problem that prevents results from being returned.  If the issue persists, please contact your administrator.
  I checked the certificates snapin, didn't see anything out of the ordinary but I have a feeling it goes deeper than that.
  Where can I remove this duplicate certificate? Thanks!

  Open IIS and check server certificates
  Check if there is any certificate applied to Security token service
  Did you used any certificate for web application in site
  Check binding of all web application in IIS
  Try to browse
  servername/0c98374520dc4b748d92a1e51b365dce/SearchService.svc from all servers, check the certificate details
  If this helped you resolve your issue, please mark it Answered

• Possible Login Screen Security Hole in Lion?

  I think that I have found a glitch in the login screen in Lion that allows a user to hack in to an account without a password! It appears to occur on Macbooks with OS X Lion and here is how to reproduce it:
  Make sure that you account is password-protected and that you require a password 5 seconds after the screen saver/sleep begins. Also, be sure that you have the default "hot corner" settngs and OS X Lion. Lastly, make sure that Finder is on the farthest left icon on your dock and that your screen saver is set to spectrum!
  Close all open windows to see your desktop.
  Now, close you Macbook lid, wait 10 seconds, and open it up. You should see a screen similar to the one shown below, but with your wallpaper & info: 
  Now forcefully (yes, forcefully) restart your Mac by pressing down command, control, and the power button at the same time.
  Wait for your Mac to start up and you should see the same screen you saw (like the image above.)
  Click in the battery/time/wifi signal/etc. area in the top right corner without mousing over the courner.
  Now, mouseover the top right corner of the screen, as it will launch some kind of odd "mission control". From there, ANYONE can control your Mac without seeing your screen. From there, mouse over where you think Finder is on the dock (in the bottom-left corner of the dock) without mousing over and corners of the screen and click it. That SHOULD launch finder on your Mac.
  The login screen should reappear! (Odd, isn't it?)
  Now, mouseover the bottom-left corner and hold esc as soon as the screen turns completely dark. If sucessful, you should see your screensaver show up. While holding esc, move your mouse around towards the bottom-right corner. You should see your cursor over top of the "wheel of doom".
  The screen should flicker and you have hacked in to your account! Funny, isn't it?
  You should see finder over top of your desktop if you located finder correctly in step 7! Cool?
  If you are not sucessful, restart the entire process from step 4 and skip steps 7-8. If it doesn't work out for you after a few attemps, give up! Let's not waste any time on hacking in to an account (unless you are a hacker.)
  Is it just me or can anyone else reproduce this? If it occurs (or not), please list your Macbook's specs and details in a reply.

  jonathan_2005 wrote:
  One of the options in the security panel permits a user to require that a username and password be entered to login once the screen saver locks your account.
  The option is "Require password to wake this computer from sleep or screen saver"
  Although one would assume that the credentials required to wake the computer is the username/password of the account that was being used when the computer went into sleep mode or the screen saver.
  Never assume
  WRONG!!! Anyone with an account on the machine can enter their username/password and wake the computer and voila that user now has control of the machine as the former user. That's right you guessed it HUGE security hole.
  Anyone with a standard user account? Are you quite sure?
  Anyone thinking that they can wake away from their machine and have the screen saver or sleep mode protect their account after a specified period of time is sadly mistaken. Anyone with an account on the machine can enter their own username and password and drop right into your account right where you left off.
  I never think that way. A more secure lock is ensured by using the screen lock feature of the keychain.
  Can you believe this stuff?
  Not sure what stuff you refer to.
  No warning, no release note to tell you of such a poorly designed "security" option.
  Would you believe that anyone can access your computer? Stolen computers are regularly started up without much problem.
  Apple please fix what must have been an oversight or at least tell people about this intentional design BEFORE they find anyone can wake the computer and become you as a user.
  You are writing to other users like yourself here, not Apple.
  I also presume you are new to the Mac world.

• SSL Security Hole in Safari 3

  I noticed a security hole in Safari 3.2.2 regarding a webpage delivered over SSL when including content from a non-secure location. Ironically, I found this in the developer login for the iPhone developer login.
  The login page, which shows as being on a SSL page with an https delivery is trying to load images, such as http://devimages.apple.com/login/images/hero.png. Notice that it is asking from the non-SSL http site.
  Under the new IE8, it is now warning about this issue and gives option to block or not block the non-secure content.
  Under Safari, it shows without warning.
  The risk of displaying mixed content is that a non-secure webpage or script might be able to access information from the secure content, creating a security hole.
  Running Safari under Vista Business X64
  Lance

  Do you solved tye probllem below. ???  Can you help me.
  I have the same problem.
  What the format of secinfo, reginfo and what value to to profile gw/reg_no_conn_info ??
  Thanks,
  Vulnerability Details
  Date: Sun 10 May 2009 1:26:13 MET
  Vuln: 300803
  Vulnerability: SAPXPG Remote OS Command Execution at sysnr 3
  ToDo: Set up a project to implement access restriction rules to RFC programs
  with the 'secinfo' and 'reginfo' (only available in SAP Netweaver) mechanism
  CertRef: M906071, SAP 30/08
  Tool Reference: proprietary CERT and IPINS scanner
  Comment:
  Counted in: 2009-07
  Monitor:

• WRT55AG - Denial Of Service / security hole, and other issues

  Im using a V2 of the WRT55AG using 1.79 firmware.
  I suffered many perplexing issues when connected directly to my cable modem.
  1 It would lock up and no data transversed it
  2 Its web interface would no longer exist
  3 Some types of data would be blocked
  4 It would stop doing DHCP
  5 Ping times to it from the LAN side would increase in 1 minute intervals for hours or until power cycled
  6 Data rates would slow randomly.
  These problems would occur separately and in combinations. They would occur randomly but some issues would occur daily.
  Left alone the router would 100% lock up in a matter of days. This occurred 100% of the time.
  Rebooting was a daily and sometimes hourly ritual.
  After reading in many forums of the known issues with this router I purchased a BEFSR41 as replacement.
  ALL of my problem were gone. This of course isolated the issues I was having to the WRT55AG.
  I then hooked up the WRT55AG _after_ the BEFSR41.
  The problems with the WRT55AG disappeared. Completely. It suddenly worked for weeks perfectly.
  I then tried setting the BEFSR41's DMZ to the IP of the WRT55AG exposing the WRT55AG to the net directly.
  The issues returned.
  So the WRT55AG is crashing and suffering from various problems because of some hostile internet packets. Effectively it suffers major security issues and a denial of service from something that is present from the internet. I did not isolate what ports+packets were causing the DOS condition.
  Im sure the WRT55AG has some code that is vulnerable to attack because it crashes when exposed to the net. This is a serious issue.
  This is a sad state of affairs. I paid good money for the router. Its too late to get my money back. I would settle for a 802.11A WAP.
  I want a *FIX* for the obvious security hole that could expose anyone on the LAN side of the wrt55AG router to attack if the router/firewall is compromised. I want my WRT55AG to work as intended or at least as well as the BEFSR41 I own.
  I also feel if the source code was still open, then these problems would not exist. At the very least, some other 3rd party version of firmware would be available that would work in the router and any issue would get prompt attention and a quick solution from a open source team. The decision by Linksys to move away from open source firmware will erode the quality of the brand by making products less reliable.
  WHEN will a new version of the firmware be available for the WRT55AG ?
  If not how do I go about returning a well documented defectively engineered product for a product that works ?

  I would like to see a update to fix the various issues with this router. When will this be available ?
  -OR-
  If this product is considered End Of Life, I would like to get confirmation that no future firmware update will occur.
  As this product was defective out of the box and has never been fixed, I would like a replacement product please. My serial number is # MDJ106802225
  Message Edited by Xymox on 08-13-2008 11:28 AM

• Does ethical hacking give security divisions motive to withhold security holes?

  Snufykat wrote:
  I removed my first, not helpful, comment.
  No worries. I acutally forgot to change this to a discussion post instead of an answer post, wasn't really looking for the answer, because I was pretty sure I knew already but I wanted to hear the input from some others that might know more about the subject than I do.

  So, as we all know, software and hardware is going to have some kind of a security hole or concern after its release no matter what happens. I have seen a lot of posts about ethical hacking and the like. I was just wondering what the community's thoughts were on this: if we're more concerned about "being on the offensive" as the US government has said they intend to be, does it give motive to withhold security holes in software that might be used internationally?Say, for example, MS Word, which is used around the globe is found to have a security hole. The US discovers this. They want to use this security hole to their advantage thus they keep the security hole to themselves. Meanwhile, some hacker from China had already discovered the security hole and was exploiting it for the previous year. Now the US is withholding security...
  This topic first appeared in the Spiceworks Community

• Cookies secure, or security hole?

  I saw a website spoofing itself to be Amazon.com (blatently phishing for credit card information), which displayed information contained in my Amazon.com cookies. Their site was acting as a bridge to Amazon.com, and I presume sniffing for any valuable information they could steal.
  I didn't fall for their credit card request, but I was surprised to see my personal information stored in cookies being requested and passed through. Side note: I'm not using Little Snitch yet, but I'll probably get it soon.
  Using Safari v2.0.2 (416.13).
  Is this a security hole in Safari?
  Quad G5   Mac OS X (10.4.4)   Cinema 30 & 23

  Well, one example I posted about here a few months ago was CodeTek virtual desktops. I installed it just by dragging it to the Applications folder. No authentication needed.
  When I upgraded to 10.4, it stopped working, but I found when I locked the plist file, it prevented codetek from corrupting it and it ran. (The problem has long since been fixed).
  However, simply changing the ownership and write permissions on the plist file to root did not prevent the application from writing to the root-owned and write-protected file. Somehow it could do this, even though it had never been granted administrator priviliges.
  I checked this behavior with a few other applications, and this was not restricted to Codetek, but rather seems to be a property of the Apple umask or whatever it is called for (non-unix-type) Applications.

• XML Publisher - OPP log: Output file was found but is zero sized - Deleted

  Hi,
  I have created one Main template and sub-template is called from it. I am working with Oracle Apps version 12.1.1. XML Source file gets created using rdf file attached to the concurrent program. Now after registering main template with the required concurrent program when i tried to execute it "View Output" button shows XML souce data instead of PDF report which i have called using main template. Log file was showing following error,
  Executing request completion options...
  Output file size:
  33140
  ------------- 1) PUBLISH -------------
  Beginning post-processing of request 3739501 on node ORAAPP13 at 09-AUG-2011 22:16:38.
  Post-processing of request 3739501 failed at 09-AUG-2011 22:16:51 with the error message:
  One or more post-processing actions failed. Consult the OPP service log for details.
  ------------- 2) PRINT   -------------
  Not printing the output of this request because post-processing failed.
  Finished executing request completion options.
  And the OPP service log has following error, Can anyone guide me to solve this error.
  Template code: AERO_INV_MAIN
  Template app: XXAV
  Language: en
  Territory: US
  Output type: PDF
  [8/9/11 10:16:51 PM] [339827:RT3739501] Output file was found but is zero sized - Deleted
  [8/9/11 10:16:51 PM] [UNEXPECTED] [339827:RT3739501] java.lang.reflect.InvocationTargetException
       at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at oracle.apps.xdo.common.xml.XSLT10gR1.invokeNewXSLStylesheet(XSLT10gR1.java:611)
       at oracle.apps.xdo.common.xml.XSLT10gR1.transform(XSLT10gR1.java:239)
       at oracle.apps.xdo.common.xml.XSLTWrapper.transform(XSLTWrapper.java:182)
       at oracle.apps.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:1044)
       at oracle.apps.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:997)
       at oracle.apps.xdo.template.fo.util.FOUtility.generateFO(FOUtility.java:212)
       at oracle.apps.xdo.template.FOProcessor.createFO(FOProcessor.java:1665)
       at oracle.apps.xdo.template.FOProcessor.generate(FOProcessor.java:975)
       at oracle.apps.xdo.oa.schema.server.TemplateHelper.runProcessTemplate(TemplateHelper.java:5936)
       at oracle.apps.xdo.oa.schema.server.TemplateHelper.processTemplate(TemplateHelper.java:3459)
       at oracle.apps.xdo.oa.schema.server.TemplateHelper.processTemplate(TemplateHelper.java:3548)
       at oracle.apps.fnd.cp.opp.XMLPublisherProcessor.process(XMLPublisherProcessor.java:302)
       at oracle.apps.fnd.cp.opp.OPPRequestThread.run(OPPRequestThread.java:176)
  Caused by: java.lang.StackOverflowError
       at java.text.DecimalFormat.subformat(DecimalFormat.java:877)
       at java.text.DecimalFormat.format(DecimalFormat.java:674)
       at java.text.DecimalFormat.format(DecimalFormat.java:608)
       at java.text.SimpleDateFormat.zeroPaddingNumber(SimpleDateFormat.java:1203)
       at java.text.SimpleDateFormat.subFormat(SimpleDateFormat.java:1142)
       at java.text.SimpleDateFormat.format(SimpleDateFormat.java:899)
       at java.text.SimpleDateFormat.format(SimpleDateFormat.java:869)
       at java.text.DateFormat.format(DateFormat.java:316)
       at oracle.apps.fnd.security.CallStack.getInstance(CallStack.java:97)
       at oracle.apps.fnd.security.DBConnObj.setBorrowingThread(DBConnObj.java:990)
       at oracle.apps.fnd.security.DBConnObj.setBorrowingThread(DBConnObj.java:973)
       at oracle.apps.fnd.common.Pool.costBasedSelection(Pool.java:1885)
       at oracle.apps.fnd.common.Pool.selectObject(Pool.java:1686)
       at oracle.apps.fnd.common.Pool.borrowObject(Pool.java:950)
       at oracle.apps.fnd.security.DBConnObjPool.borrowObject(DBConnObjPool.java:584)
       at oracle.apps.fnd.security.AppsConnectionManager.borrowConnection(AppsConnectionManager.java:330)
       at oracle.apps.fnd.common.Context.borrowConnection(Context.java:1719)
       at oracle.apps.fnd.common.AppsContext.getPrivateConnectionFinal(AppsContext.java:2314)
       at oracle.apps.fnd.common.AppsContext.getPrivateConnection(AppsContext.java:2251)
       at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:2108)
       at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1918)
       at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1762)
       at oracle.apps.fnd.common.AppsContext.getJDBCConnection(AppsContext.java:1775)
       at oracle.apps.fnd.common.Context.getJDBCConnection(Context.java:1453)
       at oracle.apps.fnd.cache.GenericCacheLoader.load(GenericCacheLoader.java:170)
       at oracle.apps.fnd.profiles.Profiles.getProfileOption(Profiles.java:1500)
       at oracle.apps.fnd.profiles.Profiles.getProfile(Profiles.java:362)
       at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfileFromDB(ExtendedProfileStore.java:211)
       at oracle.apps.fnd.profiles.ExtendedProfileStore.getSpecificProfile(ExtendedProfileStore.java:171)
       at oracle.apps.fnd.profiles.ExtendedProfileStore.getProfile(ExtendedProfileStore.java:148)
       at oracle.apps.fnd.common.logging.DebugEventManager.configureUsingDatabaseValues(DebugEventManager.java:1294)
       at oracle.apps.fnd.common.logging.DebugEventManager.configureLogging(DebugEventManager.java:1149)
       at oracle.apps.fnd.common.logging.DebugEventManager.internalReinit(DebugEventManager.java:1118)
       at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:1085)
       at oracle.apps.fnd.common.logging.DebugEventManager.reInitialize(DebugEventManager.java:1072)
       at oracle.apps.fnd.common.AppsLog.reInitialize(AppsLog.java:595)
       at oracle.apps.fnd.common.AppsContext.initLog(AppsContext.java:602)
       at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:579)
       at oracle.apps.fnd.common.AppsContext.initializeContext(AppsContext.java:533)
       at oracle.apps.fnd.common.AppsContext.<init>(AppsContext.java:301)
       at oracle.apps.xdo.oa.schema.server.OAURLConnection.getAppsContext(OAURLConnection.java:121)
       at oracle.apps.xdo.oa.schema.server.TemplateURLConnection.getInputStream(TemplateURLConnection.java:89)
       at java.net.URL.openStream(URL.java:1009)
       at oracle.xdo.parser.v2.XMLReader.openURL(XMLReader.java:2353)
       at oracle.xdo.parser.v2.XMLReader.pushXMLReader(XMLReader.java:270)
       at oracle.xdo.parser.v2.XMLParser.parse(XMLParser.java:256)
       at oracle.xdo.parser.v2.XSLBuilder.processIncludeHref(XSLBuilder.java:1045)
       at oracle.xdo.parser.v2.XSLBuilder.processImportHref(XSLBuilder.java:984)
       at oracle.xdo.parser.v2.XSLBuilder.processImport(XSLBuilder.java:949)
       at oracle.xdo.parser.v2.XSLBuilder.startElement(XSLBuilder.java:373)
       at oracle.xdo.parser.v2.NonValidatingParser.parseElement(NonValidatingParser.java:1252)
       at oracle.xdo.parser.v2.NonValidatingParser.parseRootElement(NonValidatingParser.java:338)
       at oracle.xdo.parser.v2.NonValidatingParser.parseDocument(NonValidatingParser.java:285)
  Regards,
  Priyanka

  And metalink note 1100253.1 states that this issue (java.lang.StackOverflowError) might be caused by a too large set of data to be sorted in the layout file. Recommendation is to removed the sort from the layout file and instead sort the data already in the data definition.
  regards,
  David.

• MS Office secretly connects to my Mac and scans my activity. How??? Security hole? Exploitable by hackers?

  I have a strange problem. All by itself it's not so serious, but it concerns me that it reveals a security hole which can be exploited by hackers.
  I may be over-reacting, so any reassurance or explanation would be appreciated.
  Here's the situation:
  I have a MacBook Pro running OSX 10.6.5. I also have a new MacBook Air also running 10.6.5. I recently used Migration Assistant to move all my applications from the MacBook Pro to the MacBook Air. The migration worked fine with one very troubling exception.
  One of the applications that got migrated was MS Office 2008 (MSWord, Excel, etc.). When I just had my MacBook Pro, MS Office worked fine. Also, now, if my MacBook Pro is turned off and I'm just using my Air, MS Office again works fine.
  HOWEVER...if I have my MacBook Pro open and running MS Office on it, and then I simultaneously open my Air and try to launch MS Office, I get an error message that says
  "Microsoft Office 2008 for Mac cannot start because Microsoft Office is already in use.
  An office program is being used by Apple Mac. Your installation exceeds the number of installations permitted by the license agreement."
  However, if I then "Quit" MS Office on the Pro, and then try to launch it on the Air, I don't get the error message, and it works as normal. The same thing happens if I switch computers -- if it's running on the Air first, then I can't launch it on the Pro. Basically, only one of the computers can run MS Office at any one time.
  Now, the issue about the MS license agreement is not what concerns me -- I guess the version of MS Office I bought back in 2008 was only supposed to be installed on one single computer, and never migrated to a new computer (I eventually plan to use the Air full time and retire the Pro). I'm probably going to get a newer version of MS Office eventually anyway, and also I almost never use both computers at the same time, so I'm not worried about being unable to use MS Office on both computes simultaneously. No, what worries me is this:
  How does MS Office on one computer even know that my other computer is running and has MS Office open?
  I'm not an expert on networks and sharing and connectivity and all that, so excuse me if I use inaccurate terminology, but...:
  Both computers connect via AirPort to a cable modem and thus share the same wifi hotspot to connect to the internet.
  But as far as I can tell, the two computers are not "connected" to each other. In the System Preferences for both computers, in the "Sharing" panel, all File Sharing is off. Also, none of the sharing boxes are checked.
  Neither computer shows the hard drive of the other on its Desktop. If I wanted to, I could use Finder's "Go" menu, choose "Connect to server," then "Browse," then find the other computer, double-click on it, type in the admin password, and then connect the two computers. But I haven't done that, and MS Office is able to see what the other comoputer is doing, even when they aren't connected in any way (as far as I can tell).
  I find this pretty disturbing. How in the world does the MS Office on one computer even know that the other computer exists? Furthermore, how does it know that the other computer is on and running? And lastly and more importantly, how does it know which programs are running on the other computer?
  One extra detail: in order to try to diagnose this odd behavior, I installed a program called "Little Snitch" which monitors all network activity and notifies the user whenever any malware programs or other sneaky behind-the-scens apps try to send data over your connection without your knowledge. Little Snitch seems to work great but when I test the problem after installing it, Little Snitch did not even detect or report that MS Office was doing any surreptitious network snooping. So whatever MS Office is doing, it's doing it pretty sneakily.
  Here is my worry: Could a hacker somehow exploit this capability of MS Office to monitor activity on my computer without my being aware of it? Or could someone re-adapt this snooping code from MS Office for more nefarious purposes?
  Or am I completely misapprehending the situation somehow?
  Any  reassurance or explanation would be greatly appreciated! Thanks.

  But my question is: How does the software do that?
  It scans the local network for computers trying to "share" software that is only supposed to be licensed for one computer. I can't give you a technical answer, I can just tell you that's what it's doing.
  then what's preventing less ethical coders from deploying similar but more sinister malware with the same capability?
  Nothing. Any vendor of any software, from a one person shareware or freeware app to a company the size of Apple, Microsoft or Adobe could sneak in damaging code. Any company that wants to stay in business though would never allow it.
  In a typical software company (particularly larger ones), you have not only the people who write the code, but also system analysts who review the code looking for flaws or anything else that shouldn't be there.
  Now I have the fear that if I'm using a wifi hotspot in a cafe or wherever, someone else with hacking skills on that same hotspot could basically see what I'm doing on my computer, without my knowledge.
  The software to pry (they hope undetected) into other folks' computers on an open network like that has been around for years. That's why you at least need to have your firewall enabled when using a wifi hotspot.

• "Your meeting was found to be out of date and has been automatically updated."

  Hello, one of our users is stating that when they make changes to meeting dates and/or times, a few minutes to a day later, the changes revert to the original date and/or time. Additionally, they will occasional also receive an email stating "Your meeting
  was found to be out of date and has been automatically updated."
  This customer is on a Win7 client and running Outlook 2007. Both the OS and Office/Outlook are completely patched as of 08/12/2014. There are also a couple of iOS devices that access the Exchange account and both are running the latest version of iOS according
  to the customer.
  The customer states that this behavior began immediately following our migration from Exchange 2007 to 2013 a couple of months back. I am not able to see any reason for this at the server level. We also do not currently have any other users complaining of
  the same issue. I am unable to replicate the issue using my account. I suspect that it is isolated to this single user at this point.
  We are running Exchange v15, build 847.32.
  Has anyone experienced the same? Thanks in advance for any input.

  Hi,
  I noticed that there are some third-party devices used to sync and manage Exchange calendar. Usually, some issues may be caused by some devices used for Exchange ActiveSync service. We can try to disable the devices and check whether the issue persists.
  Here is a KB descripted Current issues with Microsoft Exchange ActiveSync and third-party devices:
  http://support.microsoft.com/kb/2563324
  If the issue is not caused by any third-party programs, please check the time zone from Outlook client, local machine, third-party devices and Outlook Web App. Please also change a computer then send test meeting updates to check if the issue continues.
  Regards,
  Winnie Liang
  TechNet Community Support

• Although I turned off WiFi, set as 'require admin password to turn on and off wifi, when I turn on my MacBook Pro, retina latest model, just got for a month, it turns on wifi automatically, is this a back door or virus or security hole? Thank you

  I have my all networks at 'Off' status in the system panel, never use Bluetooth either, also in the top status bar, and set as 'require admin password to turn on and off WiFi', but when I turn on my MacBookPro 15" retina newest model only one month old, it goes on to WiFi automatically by itself.
  Is this a back door? Security hole?
  The other day, I was taking a break for five minutes, when I came back, the Microsoft outlook is open for setting up an account, I never use outlook, it is there only because it comes with the office package. Also, iTunes was playing music, I don't use iTunes when I'm working. Both were not on before I left for the break.
  What is the problem?

  I have my all networks at 'Off' status in the system panel, never use Bluetooth either, also in the top status bar, and set as 'require admin password to turn on and off WiFi', but when I turn on my MacBookPro 15" retina newest model only one month old, it goes on to WiFi automatically by itself.
  Is this a back door? Security hole?
  The other day, I was taking a break for five minutes, when I came back, the Microsoft outlook is open for setting up an account, I never use outlook, it is there only because it comes with the office package. Also, iTunes was playing music, I don't use iTunes when I'm working. Both were not on before I left for the break.
  What is the problem?

• Org.xml.sax.SAXParseException: An invalid XML character (Unicode: 0x80) was found in the CDATA section

            Hi,
            I,'m using c.tld tag libraries from Yakarta in order to use c:if functions.
            When I use non-unicode characters in my JSP pages, it crashes:
            java.io.IOException: javax.servlet.jsp.JspException: The taglib validator rejected
            the page: "org.xml.sax.SAXParseException: An invalid XML character (Unicode: 0x80)
            was found in the CDATA section., "
                 at weblogic.servlet.jsp.Jsp2Java.outputs(Jsp2Java.java:124)
                 at weblogic.utils.compiler.CodeGenerator.generate(CodeGenerator.java:258)
                 at weblogic.servlet.jsp.JspStub.compilePage(JspStub.java:353)
                 at weblogic.servlet.jsp.JspStub.prepareServlet(JspStub.java:211)
                 at weblogic.servlet.jsp.JspStub.checkForReload(JspStub.java:149)
                 at weblogic.servlet.internal.ServletStubImpl.getServlet(ServletStubImpl.java:521)
                 at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:351)
                 at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:306)
                 at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:5445)
                 at weblogic.security.service.SecurityServiceManager.runAs(SecurityServiceManager.java:780)
                 at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3105)
                 at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2588)
                 at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:213)
                 at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:189)
            How can I force it to use ISO-8859-1? All my tries haven't work. What should I
            do? The c.tld libraries and jars are taken from JDK 1.4.1_02
            

  Hi Stefan,
     This is my source xml in moni..
  xmlns:prx="urn:sap.com:proxy:ECP:/1SAI/TAS5BFDF495190544E4B506:701:2008/06/06">
    <SiteId>0080</SiteId>
    <UCC>42027519 91029010015</UCC>
  My interface is SAP(Proxy) to Database(Synchronous).
     SAP (PROXY) --> PI --> DATABASE ( Synchronous Communication )
  Let me know if u need any information from my side...
  Thanks for ur help...
  Thanks,
  Siva..

• My apple ID was hacked.  Trying to reset password but the email never reached my account.  Trying to answer security questions, the birthday was changed.  I am really miserable.  Can anyone shed some light, please?

  My gmail email is my apple ID.  I found I lost access of gmail last night and I reset the password before bed.  But this morning the password was changed again.  My ipad also requested a password that didn't match to the one I used.  I have reset my gmail once more.  In addition, I added 2-step verification.  But I have not received any new mail up to now.  I tried to reset my apple ID.  When I selected sending an email for resetting, the mail was sent but never reached my mailbox;  When I selected answering security questions: the birthday was wrong.  It's been changed.  I am SO SO UPSET.  Can any genius take pity on me and show me some guidance, please?

  You should get Apple involved in sorting this out. Start at this site:
  https://getsupport.apple.com/Issues.action
  Your Apple ID can be handled through iTunes.