Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Data de publicação: 15 fevereiro 2011
Schweregrad: : Medium
Identificador(es) CVE: : CVE-2007-2119
Data do informe: 15 fevereiro 2011
Descrição
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in
the Administration Front End for Oracle Enterprise (Ultra) Search, as used in
Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server
9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary
HTML or web script via the EXPTYPE parameter, aka SES01.
Solução
Trend Micro Deep Security DPI Rule Number: 1000991
Trend Micro Deep Security DPI Rule Name: 1000991 - Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Software infectado e versão:
- Oracle Oracle Application Server 10.1.2.0.2
- Oracle Oracle Application Server 10.1.2.2
- Oracle Oracle Application Server 9.0.4.3
- Oracle Oracle Database 10.1.0.5
- Oracle Oracle Database 10.2.0.2
- Oracle Oracle Database 9.2.0.8