Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Gravità: : Medio
Identificatori CVE: CVE-2007-2119
Data notifica: 15 febbraio 2011
Descrizione
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in
the Administration Front End for Oracle Enterprise (Ultra) Search, as used in
Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server
9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary
HTML or web script via the EXPTYPE parameter, aka SES01.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000991
Trend Micro Deep Security DPI Rule Name: 1000991 - Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Software e versione interessati:
- Oracle Oracle Application Server 10.1.2.0.2
- Oracle Oracle Application Server 10.1.2.2
- Oracle Oracle Application Server 9.0.4.3
- Oracle Oracle Database 10.1.0.5
- Oracle Oracle Database 10.2.0.2
- Oracle Oracle Database 9.2.0.8