Signature Detail

HTTP: Oracle Report Server Cross Site Script Attack

Ths signature detects cross-site scripting attacks against the Oracle report server. Oracle version 10G and earlier is affected.

Extended Description

Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. Specific details regarding these vulnerabilities are not currently available. This record will be updated and split into individual BIDs for each issue as further information is disclosed.

Affected Products

• HP HP-UX 11.11.0
• HP HP-UX 11.23.0
• HP HP-UX B.11.11
• HP HP-UX B.11.23
• Oracle Application Server 10.1.2.0.2
• Oracle Application Server 10g 9.0.4
• Oracle Application Server 10g 9.0.4 .1
• Oracle Application Server 10g 9.0.4 .2
• Oracle Application Server Release 2 10.1.2 .0.0
• Oracle Application Server Release 2 10.1.2 .0.1
• Oracle Application Server Release 2 10.1.2 .0.2
• Oracle Application Server Release 2 9.0.2 .1
• Oracle Application Server Release 2 9.0.2 .3
• Oracle Clinical 4.5.0
• Oracle Clinical 4.5.1
• Oracle Collaboration Suite Release 1 10.1.1
• Oracle Collaboration Suite Release 1
• Oracle Collaboration Suite Release 2 9.0.4 .2
• Oracle Developer Suite 10.1.2
• Oracle Developer Suite 9.0.2 .1
• Oracle Developer Suite 9.0.4 .1
• Oracle Developer Suite 9.0.4 .2
• Oracle E-Business Suite 11.0.0
• Oracle E-Business Suite 11i 11.5.0
• Oracle E-Business Suite 11i 11.5.1
• Oracle E-Business Suite 11i 11.5.10
• Oracle E-Business Suite 11i 11.5.2
• Oracle E-Business Suite 11i 11.5.3
• Oracle E-Business Suite 11i 11.5.4
• Oracle E-Business Suite 11i 11.5.5
• Oracle E-Business Suite 11i 11.5.6
• Oracle E-Business Suite 11i 11.5.7
• Oracle E-Business Suite 11i 11.5.8
• Oracle E-Business Suite 11i 11.5.9
• Oracle Enterprise Manager 9.0.4 .1
• Oracle Enterprise Manager Application Server Control 9.0.4 .1
• Oracle Enterprise Manager Application Server Control 9.0.4 .2
• Oracle Enterprise Manager Database Control 10g 10.1.0 .0.3
• Oracle Enterprise Manager Database Control 10g 10.1.0 .0.4
• Oracle Enterprise Manager Grid Control 10g 10.1.0 .3
• Oracle Enterprise Manager Grid Control 10g 10.1.0 .4
• Oracle JD Edwards EnterpriseOne 8.94.0 Q1
• Oracle JD Edwards EnterpriseOne 8.95.0 B1
• Oracle JD Edwards EnterpriseOne SP23 K1
• Oracle Oracle10g Application Server 10.1.0 .0.2
• Oracle Oracle10g Application Server 10.1.0 .0.3
• Oracle Oracle10g Application Server 10.1.0 .0.3.1
• Oracle Oracle10g Application Server 10.1.0 .0.4
• Oracle Oracle10g Application Server 10.1.2
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.2
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.3
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.3.1
• Oracle Oracle10g Enterprise Edition 10.1.0 .0.4
• Oracle Oracle10g Enterprise Edition 10.1.0.4.2
• Oracle Oracle10g Personal Edition 10.1.0 .0.2
• Oracle Oracle10g Personal Edition 10.1.0 .0.3
• Oracle Oracle10g Personal Edition 10.1.0 .0.3.1
• Oracle Oracle10g Personal Edition 10.1.0 .0.4
• Oracle Oracle10g Standard Edition 10.1.0 .0.2
• Oracle Oracle10g Standard Edition 10.1.0 .0.3
• Oracle Oracle10g Standard Edition 10.1.0 .0.3.1
• Oracle Oracle10g Standard Edition 10.1.0 .0.4
• Oracle Oracle10g Standard Edition 10.1.0 .4.2
• Oracle Oracle8 8.0.6
• Oracle Oracle8 8.0.6 .3
• Oracle Oracle8 8.1.7 .4
• Oracle Oracle8i Enterprise Edition 8.1.7.4.0
• Oracle Oracle8i Standard Edition 8.0.6
• Oracle Oracle8i Standard Edition 8.0.6 .3
• Oracle Oracle8i Standard Edition 8.1.7 .4
• Oracle Oracle9i Application Server 9.0.2 .3
• Oracle Oracle9i Application Server 9.0.3 .1
• Oracle Oracle9i Application Server 9.2.0 .0.6
• Oracle Oracle9i Application Server 9.2.0 .0.7
• Oracle Oracle 9i Application Server Release 1 1.0.2 .2
• Oracle Oracle9i Application Server Web Cache 9.0.2 .3
• Oracle Oracle9i Application Server Web Cache 9.0.3 .1
• Oracle Oracle9i Enterprise Edition 9.0.1 .4
• Oracle Oracle9i Enterprise Edition 9.0.1 .5
• Oracle Oracle9i Enterprise Edition 9.0.1 .5 FIPS
• Oracle Oracle9i Enterprise Edition 9.2.0 .0.5
• Oracle Oracle9i Enterprise Edition 9.2.0.6.0
• Oracle Oracle9i Enterprise Edition 9.2.0.7.0
• Oracle Oracle9i Personal Edition 9.0.1 .4
• Oracle Oracle9i Personal Edition 9.0.1 .5
• Oracle Oracle9i Personal Edition 9.0.1 .5 FIPS
• Oracle Oracle9i Personal Edition 9.2.0 .0.5
• Oracle Oracle9i Personal Edition 9.2.0 .6
• Oracle Oracle9i Personal Edition 9.2.0 .7
• Oracle Oracle9i Standard Edition 9.0.1 .4
• Oracle Oracle9i Standard Edition 9.0.1 .5
• Oracle Oracle9i Standard Edition 9.0.1 .5 FIPS
• Oracle Oracle9i Standard Edition 9.2.0 .0.5
• Oracle Oracle9i Standard Edition 9.2.0 .6
• Oracle PeopleSoft Enterprise Customer Relationship Manage 8.9
• Oracle Workflow 11.5.1
• Oracle Workflow 11.5.9 .5
• PeopleSoft CRM 8.8.1
• PeopleSoft CRM 8.9.0
• PeopleSoft PeopleTools 8.10.0
• PeopleSoft PeopleTools 8.11.0
• PeopleSoft PeopleTools 8.12.0
• PeopleSoft PeopleTools 8.13.0
• PeopleSoft PeopleTools 8.14.0
• PeopleSoft PeopleTools 8.15.0
• PeopleSoft PeopleTools 8.16.0
• PeopleSoft PeopleTools 8.17.0
• PeopleSoft PeopleTools 8.18.0
• PeopleSoft PeopleTools 8.19.0
• PeopleSoft PeopleTools 8.20.0
• PeopleSoft PeopleTools 8.20.7
• PeopleSoft PeopleTools 8.40.0
• PeopleSoft PeopleTools 8.41.0
• PeopleSoft PeopleTools 8.42.0
• PeopleSoft PeopleTools 8.43.0
• PeopleSoft PeopleTools 8.45.5
• PeopleSoft PeopleTools 8.46.3

References

• BugTraq: 15134
• CVE: CVE-2005-0873
• URL: http://www.securityfocus.com/bid/12892