Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL.
https://exchange.xforce.ibmcloud.com/vulnerabilities/8897
http://www.securityfocus.com/bid/4551
http://otn.oracle.com/deploy/security/pdf/apps_alert_ebiz2.pdf