Check Point Reference: | CPAI-2009-079 |
Date Published: | 30 Apr 2009 |
Severity: | Medium |
Last Updated: | Thursday 01 January, 2009 |
Source: | Secunia Advisory: SA33761 |
Industry Reference: | N/A |
Protection Provided by: | |
Who is Vulnerable? | Oracle Application Server Portal 10g |
Vulnerability Description | Oracle AS Portal is a Web-based application for building and deploying portals. A vulnerability has been identified in Oracle Application Server that could be exploited to conduct cross-site scripting attacks. Attackers can inject arbitrary script code that is executed by the user's browser in the security context of an affected site, giving the attackers read and write access to the user's cookies and other sensitive information. |
Update/Patch Available | The vendor has not released an advisory addressing this vulnerability. |
Vulnerability Details | The vulnerability is due to insufficient validation of URL requests. Remote attackers could exploit this vulnerability by persuading users to open crafted URLs that contain injected malicious script. Successful exploitation would result in compromise of the target user's cookies (including authentication cookies) associated with the site, and modification of user information. |