
(EBS 12.1.3 vulnerability remediation) CVE-2022-21587: Oracle E-Business Suite access control vulnerability

1. Fix by upgrading
	https://www.oracle.com/security-alerts/cpuoct2022.html
	For CVE-2022-21587, patch at least to cpuoct2022 (patch 34451004)

2. Mitigation: where it does not affect normal use, block the vulnerable endpoint (/OA_HTML/BneViewerXMLService)

For example, the following location block can be added in Nginx:
location ~* /OA_HTML/BneViewerXMLService {
  if ($query_string ~* "bne:uueupload=TRUE") {
    return 403;
  }
}

Alternatively, with Apache + mod_rewrite, add the following to .htaccess or the main configuration file:
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/OA_HTML/BneViewerXMLService$
RewriteCond %{QUERY_STRING} bne:uueupload=TRUE [NC]
RewriteRule .* - [F]
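
To confirm the block rule is doing its job, the access log can be scanned for upload-style requests to this endpoint and their response status. The following is an added example, not code from the original post; it assumes Combined Log Format, and the sample log lines are constructed. It normalizes case and percent-encoding before matching.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format prefix: ip ident user [time] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/oa_html/bneviewerxmlservice"   # endpoint named on this page
MARKER = "bne:uueupload=true"               # query marker the rules match

def classify(line):
    """Return None for unrelated lines, else a dict describing the hit."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    parts = urlsplit(m["target"])
    # Decode and lowercase so encoded or mixed-case spellings still match.
    path = unquote(parts.path).lower()
    query = unquote(parts.query).lower()
    if ENDPOINT not in path or MARKER not in query:
        return None
    status = int(m["status"])
    return {"ip": m["ip"], "time": m["time"], "status": status,
            "blocked": status == 403}

def scan(lines):
    """Collect every upload-style request to the endpoint."""
    return [hit for hit in map(classify, lines) if hit is not None]

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2023:08:01:02 +0800] "GET /OA_HTML/AppsLogin HTTP/1.1" 200 5120',
    '192.0.2.10 - - [10/Jan/2023:08:02:11 +0800] "GET /OA_HTML/BneViewerXMLService HTTP/1.1" 200 98',
    '198.51.100.7 - - [10/Jan/2023:09:15:40 +0800] "POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1" 200 431',
    '198.51.100.7 - - [11/Jan/2023:03:20:05 +0800] "POST /OA_HTML/BneViewerXMLService?bne:uueupload=TRUE HTTP/1.1" 403 153',
    '203.0.113.5 - - [11/Jan/2023:03:22:47 +0800] "POST /oa_html/BneViewerXMLService?bne%3Auueupload=true HTTP/1.1" 200 431',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        verdict = "blocked" if hit["blocked"] else "REACHED APPLICATION"
        print(f'{hit["time"]} {hit["ip"]} status={hit["status"]} {verdict}')
```

Any hit with a status other than 403 reached the application tier and is worth reviewing alongside the patch status.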

To check which CPU patches have been applied, run the following query in SQL*Plus:
--CPU Patches for Oracle EBS Release 12.1.3
set lines 160 pages 50000
Select distinct Bugs.Bug_Number as PATCH,
decode(Ad_Patch.Is_Patch_Applied('R12',-1,bugs.bug_Number),'EXPLICIT','APPLIED','NOT_APPLIED') as APPLIED
From 
(
 select '21507207' as bug_number From Dual UNION ALL /*21507207:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JAN 2015      Download Access Software*/
 select '20406628' as bug_number From Dual UNION ALL /*20406628:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR APR 2015      Download Access Software*/
 select '20953340' as bug_number From Dual UNION ALL /*20953340:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JUL 2015      Download Access Software*/
 select '21507207' as bug_number From Dual UNION ALL /*21507207:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR OCT 2015      Download Access Software*/
 select '22133441' as bug_number From Dual UNION ALL /*22133441:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JAN 2016      Download Access Software*/
 select '22614470' as bug_number From Dual UNION ALL /*22614470:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR APR 2016      Download Access Software*/
 select '23144507' as bug_number From Dual UNION ALL /*23144507:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JUL 2016      Download Access Software*/
 select '24390793' as bug_number From Dual UNION ALL /*24390793:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR OCT 2016      Download Access Software*/
 select '25032333' as bug_number From Dual UNION ALL /*25032333:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JAN 2017      Download Access Software*/
 select '25449171' as bug_number From Dual UNION ALL /*25449171:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR APR 2017      Download Access Software*/
 select '25982921' as bug_number From Dual UNION ALL /*25982921:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JUL 2017      Download Access Software*/
 select '26574496' as bug_number From Dual UNION ALL /*26574496:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR OCT 2017      Download Access Software*/
 select '27040859' as bug_number From Dual UNION ALL /*27040859:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JAN 2018      Download Access Software*/
 select '27468057' as bug_number From Dual UNION ALL /*27468057:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR APR 2018      Download Access Software*/
 select '28018146' as bug_number From Dual UNION ALL /*28018146:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JUL 2018      Download Access Software*/
 select '28421543' as bug_number From Dual UNION ALL /*28421543:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR OCT 2018      Download Access Software*/
 select '28840561' as bug_number From Dual UNION ALL /*28840561:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JAN 2019      Download Access Software*/
 select '29224722' as bug_number From Dual UNION ALL /*29224722:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR APR 2019      Download Access Software*/
 select '29692308' as bug_number From Dual UNION ALL /*29692308:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JUL 2019      Download Access Software*/
 select '30077281' as bug_number From Dual UNION ALL /*30077281:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR OCT 2019      Download Access Software*/
 select '30445462' as bug_number From Dual UNION ALL /*30445462:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JAN 2020      Download Access Software*/
 select '30812013' as bug_number From Dual UNION ALL /*30812013:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR APR 2020      Download Access Software*/
 select '31198341' as bug_number From Dual UNION ALL /*31198341:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JUL 2020      Download Access Software*/
 select '31643022' as bug_number From Dual UNION ALL /*31643022:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR OCT 2020      Download Access Software*/
 select '32071645' as bug_number From Dual UNION ALL /*32071645:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JAN 2021      Download Access Software*/
 select '32438190' as bug_number From Dual UNION ALL /*32438190:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR APR 2021      Download Access Software*/
 select '32841266' as bug_number From Dual UNION ALL /*32841266:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR JUL 2021      Download Access Software*/
 select '33154541' as bug_number From Dual UNION ALL /*33154541:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: CPU PATCH FOR OCT 2021      Download Access Software*/
 select '33487414' as bug_number From Dual UNION ALL /*33487414:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: Security Updates (JAN 2022) Download Access Tier 1*/
 select '33782734' as bug_number From Dual UNION ALL /*33782734:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: Security Updates (APR 2022) Download Access Tier 1*/
 select '34127941' as bug_number From Dual UNION ALL /*34127941:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JUL 2022) Download Access Tier 1*/
 select '34451004' as bug_number From Dual UNION ALL /*34451004:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (OCT 2022) Download Access Tier 1*/
 select '34726970' as bug_number From Dual UNION ALL /*34726970:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JAN 2023) Download Access Tier 1*/
 select '35020331' as bug_number From Dual UNION ALL /*35020331:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (APR 2023) Download Access Tier 1*/
 select '35385902' as bug_number From Dual UNION ALL /*35385902:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JUL 2023) Download Access Tier 1*/
 select '35642922' as bug_number From Dual UNION ALL /*35642922:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (OCT 2023) Download Access Tier 1*/
 select '35967234' as bug_number From Dual UNION ALL /*35967234:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JAN 2024) Download Access Tier 1*/
 select '36271496' as bug_number From Dual UNION ALL /*36271496:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (APR 2024) Download Access Tier 1*/
 select '36561723' as bug_number From Dual UNION ALL /*36561723:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JUL 2024) Download Access Tier 1*/
 select '36944304' as bug_number From Dual UNION ALL /*36944304:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (OCT 2024) Download Access Tier 1*/
 select '37237356' as bug_number From Dual UNION ALL /*37237356:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JAN 2025) Download Access Tier 1*/
 select '37531039' as bug_number From Dual UNION ALL /*37531039:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (APR 2025) Download Access Tier 1*/
 select '37923855' as bug_number From Dual UNION ALL /*37923855:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JUL 2025) Download Access Tier 1*/
 select '38298678' as bug_number From Dual UNION ALL /*38298678:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (OCT 2025) Download Access Tier 1*/
 select '38606737' as bug_number From Dual UNION ALL /*38606737:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (JAN 2026) Download Access Tier 1*/
 select '38920000' as bug_number From Dual           /*38920000:12.1.0 ORACLE APPLICATIONS RELEASE 12.1: SECURITY UPDATES (APR 2026) Download Access Tier 1*/
) Bugs order by 1;
Do not reproduce without permission: 徐万新之路 » (EBS 12.1.3 vulnerability remediation) CVE-2022-21587: Oracle E-Business Suite access control vulnerability
