Check Point Advisories

Update Protection against Oracle Application Server (Oracle AS) Portal Cross Site Scripting

Check Point Reference: CPAI-2009-079
Date Published: 30 Apr 2009
Severity: Medium
Last Updated: Thursday 01 January, 2009
Source: Secunia Advisory: SA33761
Industry Reference: N/A
Protection Provided by:
Who is Vulnerable? Oracle Application Server Portal 10g
Vulnerability Description: Oracle AS Portal is a Web-based application for building and deploying portals. A vulnerability has been identified in Oracle Application Server that could be exploited to conduct cross-site scripting attacks. Attackers can inject arbitrary script code that is executed by the user's browser in the security context of an affected site, giving the attackers read and write access to the user's cookies and other sensitive information.
Update/Patch Available: The vendor has not released an advisory addressing this vulnerability.
Vulnerability Details: The vulnerability is due to insufficient validation of URL requests. Remote attackers could exploit this vulnerability by persuading users to open crafted URLs that contain the malicious script injection. Successful exploitation would result in compromise of the target user's cookies (including authentication cookies) associated with the site, and modification of user information.

Protection Overview
