OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application

From: Alexander Kornbrust (akred-database-security.com)
Date: Thu Apr 28 2005 - 12:14:25 CDT


Red-Database-Security GmbH Research Advisory

Name Cross Site Scripting in Oracle Webcache 9i
Systems Affected Oracle Webcache
Severity Low Risk
Category Cross Site Scripting (CSS/XSS)
Vendor URL http://www.oracle.com
Author Alexander Kornbrust (ak at red-database-security.com)
Date 22 Apr 2005 (V 1.00)
Advisory number AKSEC2003-011

Description
###########
Cross Site Scripting in Oracle Webcache 9i Adminstrator Application.

More details available:
#######################

http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.html

Patch Information
#################
This issue was fixed silently. Apply the latest patchset for Oracle Application Server.

History:
########
23 September 2003 Oracle secalert was informed
23 September 2003 Bug confirmed
26 April 2005 Advisory released

About Red-Database-Security GmbH
#################################
Red-Database-Security GmbH is a specialist in Oracle Security.

http://www.red-database-security.com