Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Oracle Workflow CSS Vulnerability wf_monitor
From: "Kornbrust, Alexander" <ak () red-database-security com>
Date: Thu, 20 Oct 2005 08:33:19 +0200

Dear FD-Reader,

The Oracle Critical Patch Update October 2005 provides fixes for 2
Cross-Site-
Scripting vulnerabilities in Oracle Workflow found by
Red-Database-Security GmbH. 

I know that the severity and impact of CSS bugs is low. My critical
security bugs
in Oracle (e.g. become DBA via the import utility or security problems
in 
Transparent Data Encryption (TDE)) are still unfixed.

The following (remote exploitable) bug for example is now unfixed since
800 (!) 
days ( = 19.200 hours).
http://www.red-database-security.com/advisory/oracle_reports_overwrite_a
ny_file.html

If you think that 800 days are a little bit too long you should contact 
Oracle and ask for the reason. If you are lucky you will get patches
from Oracle
with the next critical patch update january 2006 (= 889 days later) or
april
2006 (=980 days later).

A list of (my) upcoming Oracle security issues is available here:
http://www.red-database-security.com/advisory/upcoming_alerts.html


Regards

 Alexander Kornbrust


Oracle Workflow CSS Vulnerability wf_monitor
############################################

 Name                Oracle Workflow CSS Vulnerability wf_monitor 
 Systems Affected    Oracle Database or Application Server 
 Severity            Low Risk  
 Category            Cross Site Scripting 
 Vendor URL
http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
 This advisory
http://www.red-database-security.com/advisory/oracle_workflow_css_wf_mon
itor.html  
 Author              Alexander Kornbrust (ak at
red-database-security.com)  
 Date                20 October 2005 (V 1.00)  
 Bugnumber           2005-S071E 
 Time to fix         236 days


 
Details
####### 
Oracle Workflow is part of the database or application server
installation. The parameter response form is vulnerable against XSS/CSS
attacks. 


Testcase
########
Run the URL http://server:7778/pls/owf_mgr/wf_monitor.find_instance and
add javascript code into the field "response form"


Patch Information
#################
Oracle fixed this issue with the patches from the critical patch update
october 2005.

All already published alerts are available on the web site of
Red-Database-Security GmbH
http://www.red-database-security.com/advisory/published_alerts.html


History
#######
14-feb-2005 Oracle secalert was informed
15-feb-2003 Bug confirmed
18-oct-2005 Oracle published the Critical Patch Update October 2005 (CPU
October 2005)
20-oct-2005 Red-Database-Security published this advisory


(c) 2005 by Red-Database-Security GmbH

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Oracle Workflow CSS Vulnerability wf_monitor Kornbrust, Alexander (Oct 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]