Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Publish date: 15 de febrero de 2011
Gravedad: Medio
Identificadores de CVE : CVE-2007-2119
Fecha recomendada: 15 de febrero de 2011
Descripción
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in
the Administration Front End for Oracle Enterprise (Ultra) Search, as used in
Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server
9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary
HTML or web script via the EXPTYPE parameter, aka SES01.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000991
Trend Micro Deep Security DPI Rule Name: 1000991 - Web Server Oracle Cross-Site-Scripting Vulnerability in Oracle Secure Enterprise Search
Software y versión afectados
- Oracle Oracle Application Server 10.1.2.0.2
- Oracle Oracle Application Server 10.1.2.2
- Oracle Oracle Application Server 9.0.4.3
- Oracle Oracle Database 10.1.0.5
- Oracle Oracle Database 10.2.0.2
- Oracle Oracle Database 9.2.0.8