Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Publish Date: 15 Februar 2011
Schweregrad:: Mittel
CVE Kennungen:: CVE-2007-2119
Hinweisdatum: 15 Februar 2011
Beschreibung
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in
the Administration Front End for Oracle Enterprise (Ultra) Search, as used in
Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server
9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary
HTML or web script via the EXPTYPE parameter, aka SES01.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1000991
Trend Micro Deep Security DPI Rule Name: 1000991 - Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Betroffene Software und Version:
- Oracle Oracle Application Server 10.1.2.0.2
- Oracle Oracle Application Server 10.1.2.2
- Oracle Oracle Application Server 9.0.4.3
- Oracle Oracle Database 10.1.0.5
- Oracle Oracle Database 10.2.0.2
- Oracle Oracle Database 9.2.0.8