Check Point Advisories

Update Protection against Oracle Application Server BPEL Module Cross Site Scripting

Check Point Reference: CPAI-2009-075
Date Published: 30 Apr 2009
Severity: Medium
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA33525
Industry Reference: CVE-2008-4014

Protection Provided by:
Who is Vulnerable? Oracle Application Server 10.1.3.1.0
Vulnerability Description: Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. It is vulnerable to cross-site scripting due to a lack of validation of user-supplied data. Attackers may exploit the flaw to execute arbitrary HTML and script code in a user's web browser, gaining read and write access to the browser's session cookies and other sensitive information.
Update/Patch Available: Oracle has released an advisory addressing this vulnerability:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2009.html
Vulnerability Details: A cross-site scripting vulnerability exists in the BPELConsole/default/activities.jsp page of the BPEL module. Specifically, the vulnerability is due to insufficient validation of URL requests. An attack targeting this vulnerability can result in the injection and execution of script code.
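
A defender-side check for the condition described above, as an added example that is not part of the Check Point advisory or of Oracle's patch: it scans web access-log lines for requests to the activities.jsp page whose query parameters still contain markup characters after repeated URL decoding. The log format, the matching heuristic, the parameter name `p` and the sample lines are constructed for illustration; the advisory does not name the affected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Page named in the advisory, compared case-insensitively.
TARGET_PATH = "/bpelconsole/default/activities.jsp"
# Assumed heuristic: markup delimiters or a script URL scheme in a parameter.
SUSPICIOUS = re.compile(r"[<>\"']|javascript:", re.I)
# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for flagged parameters of the target page."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if decode_fully(url.path).lower() != TARGET_PATH:
        return []
    hits = []
    # parse_qsl decodes once; decode_fully peels any further layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        name, value = decode_fully(name), decode_fully(value)
        if SUSPICIOUS.search(name) or SUSPICIOUS.search(value):
            hits.append((name, value))
    return hits

# Constructed sample lines; "p" is a placeholder parameter name.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Jan/2009:10:01:02 +0000] "GET /BPELConsole/default/activities.jsp?p=1042 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [12/Jan/2009:10:03:40 +0000] "GET /BPELConsole/default/activities.jsp?p=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5310',
    '10.0.0.9 - - [12/Jan/2009:10:03:55 +0000] "GET /bpelconsole/default/activities.jsp?p=%253Ci%253Ex%253C%252Fi%253E HTTP/1.1" 200 5301',
    '10.0.0.7 - - [12/Jan/2009:10:04:11 +0000] "GET /index.jsp?q=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"flagged {name}={value!r} in: {line}")
```

A hit is a triage lead rather than proof of exploitation; the remediation remains the Oracle update linked above.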

Protection Overview
