HTTP: Oracle Report Server Cross Site Script Attack
Ths signature detects cross-site scripting attacks against the Oracle report server. Oracle version 10G and earlier is affected.
Extended Description
Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. Specific details regarding these vulnerabilities are not currently available. This record will be updated and split into individual BIDs for each issue as further information is disclosed.
Affected Products
Oracle oracle9i_personal_edition
Short Name
HTTP:XSS:ORACLE-REPORT-SVR
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Attack CVE-2005-0873 Cross Oracle Report Script Server Site bid:15134
Release Date
04/28/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
Hp
Peoplesoft
CVSS Score
4.3