Bugtraq: Cross Site Scripting in Oracle Webcache 9i Adminstrator Application

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Cross Site Scripting in Oracle Webcache 9i Adminstrator Application

From: Alexander Kornbrust <ak () red-database-security com>
Date: 28 Apr 2005 17:14:25 -0000



Red-Database-Security GmbH Research Advisory 


Name               Cross Site Scripting in Oracle Webcache 9i
Systems Affected   Oracle Webcache
Severity           Low Risk
Category           Cross Site Scripting (CSS/XSS)
Vendor URL         http://www.oracle.com
Author             Alexander Kornbrust (ak at red-database-security.com)
Date               22 Apr 2005  (V 1.00)
Advisory number    AKSEC2003-011


Description
###########
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application.



More details available:
#######################

http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html




Patch Information
#################
This issue was fixed silently. Apply the latest patchset for Oracle Application Server.



History:
########
23 September 2003       Oracle secalert was informed 
23 September 2003       Bug confirmed
26 April 2005           Advisory released




About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security. 


http://www.red-database-security.com

By Date By Thread

Current thread:

Cross Site Scripting in Oracle Webcache 9i Adminstrator Application Alexander Kornbrust (Apr 28)