Bugtraq: Cross Site Scripting in Oracle Webcache 9i Adminstrator Application

From: Alexander Kornbrust <ak_at_red-database-security.com>
Date: 28 Apr 2005 17:14:25 -0000

('binary' encoding is not supported, stored as-is) Red-Database-Security GmbH Research Advisory

Name Cross Site Scripting in Oracle Webcache 9i
Systems Affected Oracle Webcache
Severity Low Risk
Category Cross Site Scripting (CSS/XSS)
Vendor URL http://www.oracle.com
Author Alexander Kornbrust (ak at red-database-security.com)
Date 22 Apr 2005 (V 1.00)
Advisory number AKSEC2003-011

Description
###########
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application.

More details available:
#######################

http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html

Patch Information
#################
This issue was fixed silently. Apply the latest patchset for Oracle Application Server.

History:
########
23 September 2003 Oracle secalert was informed
23 September 2003 Bug confirmed
26 April 2005 Advisory released

About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security.

http://www.red-database-security.com
Received on Apr 28 2005