Signature Detail
Short Name |
HTTP:XSS:ORACLE-ISQLPLUS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle HTTP Server isqlplus Cross Site Scripting |
Release Date |
2014/11/18 |
Update Number |
2441 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Oracle HTTP Server isqlplus Cross Site Scripting
This signature detects attempts to exploit a known cross site scripting vulnerability in Oracle HTTP Server isqlplus. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Oracle HTTP Server is reportedly prone to a cross-site scripting issue. This could permit a remote attacker to create a malicious link to the web server that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks.
Affected Products
- Oracle HTTP Server for Server 8.1.7
- Oracle HTTP Server for Server 9.0.1
- Oracle Oracle HTTP Server 8.1.7
- Oracle Oracle HTTP Server 9.0.1
- Oracle Oracle HTTP Server 9.2.0 .0
References
- BugTraq: 9484
- CVE: CVE-2004-2115