Oracle Application Express (APEX) cross-site scripting vulnerability

Vulnerability ID: 1191400    Vulnerability type: cross-site scripting
Published: 2007-03-07    Updated: 2007-03-07
CVE ID: CVE-2006-7158    CNNVD ID: CNNVD-200703-248
Platform: N/A    CVSS score: 4.3
|Vulnerability sources
https://www.securityfocus.com/bid/82058
https://cxsecurity.com/issue/WLB-2007030080
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-248
|Vulnerability details
Oracle Application Express (APEX) before 2.2.1 (also known as Oracle HTML DB) contains a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter.
|Vulnerability EXP / advisory
Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG

Name             Cross-Site-Scripting Vulnerability in Oracle APEX NOTIFICATION_MSG
Systems Affected Oracle APEX/HTMLDB
Severity         Medium Risk
Category         Cross Site Scripting (XSS/CSS)
Vendor URL       http://www.oracle.com/
Author           Alexander Kornbrust (ak at red-database-security.com)
Date             18 October 2006 (V 1.00)
Advisory         http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html

Details
#######
The NOTIFICATION_MSG parameter contains a cross site scripting vulnerability.

Affected Products
#################
Oracle APEX/HTMLDB < 2.2.1

Patch Information
#################
This bug is fixed with the patch 2.2.1 of APEX which is not part of the Critical Patch Update October 2006. It's necessary to upgrade your APEX/HTMLDB installation to 2.2.1. Patches are currently not available for Oracle Application Express.

History
#######
03-oct-2005 Oracle secalert was informed
04-oct-2005 Bug confirmed
17-oct-2006 Oracle published CPU October 2006
18-oct-2006 Red-Database-Security published this advisory

Additional Information
######################
An analysis of the Oracle CPU Oct 2006 is available here http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
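The advisory identifies the flaw but does not show the pattern behind it. The following is an added illustration, not code from the advisory or from Oracle: it contrasts a render routine that concatenates a notification message into HTML unescaped (the class of bug described above) with one that HTML-escapes it, and adds a small check that flags request log lines whose NOTIFICATION_MSG query parameter carries HTML-significant characters. The sample message, the request paths and the HTML wrapper are constructed for the example; only the parameter name NOTIFICATION_MSG comes from the advisory.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample value, as it might arrive in a query parameter.
SAMPLE_MSG = 'Saved <b>OK</b> "see" &'


def render_unescaped(msg: str) -> str:
    """Vulnerable pattern: the parameter value is concatenated into the page as-is,
    so any markup in it is interpreted by the browser."""
    return f'<div class="notification">{msg}</div>'


def render_escaped(msg: str) -> str:
    """Hardened pattern: escape the value as HTML text (including quotes)
    before it is placed in the document."""
    return f'<div class="notification">{html.escape(msg, quote=True)}</div>'


# Characters that change meaning when a value lands in an HTML text node or attribute.
MARKUP_CHARS = ("<", ">", '"', "'")


def param_carries_markup(url: str, param: str = "NOTIFICATION_MSG") -> bool:
    """Detection helper: True when the named query parameter, after percent-decoding,
    contains HTML-significant characters. Intended for review of access logs."""
    query = parse_qs(urlparse(url).query, keep_blank_values=True)
    return any(any(c in value for c in MARKUP_CHARS) for value in query.get(param, []))


# Constructed access-log lines (hypothetical paths; not taken from the advisory).
SAMPLE_REQUESTS = [
    "GET /pls/apex/f?p=100:1:123&NOTIFICATION_MSG=Changes%20saved HTTP/1.1",
    "GET /pls/apex/f?p=100:1:123&NOTIFICATION_MSG=%3Cb%3Ehi%3C%2Fb%3E HTTP/1.1",
]


def suspicious_requests(lines):
    """Return the log lines whose request target carries markup in NOTIFICATION_MSG."""
    return [line for line in lines if param_carries_markup(line.split(" ", 2)[1])]


if __name__ == "__main__":
    print(render_unescaped(SAMPLE_MSG))
    print(render_escaped(SAMPLE_MSG))
    for line in suspicious_requests(SAMPLE_REQUESTS):
        print("flagged:", line)
```

The escaped renderer is the fix the advisory's upgrade implies for any server-side page that echoes a request parameter; the log check is a coarse triage aid (it decodes the parameter first, so percent-encoded markup is not missed) and will also flag legitimate messages that happen to contain quotes.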
|References

Source: MISC
Link: http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html
Source: XF
Name: oracle-notification-msg-xss(30107)
Link: http://xforce.iss.net/xforce/xfdb/30107
Source: BUGTRAQ
Name: 20061023 http://www.red-database-security.com/advisory/oracle_apex_css_notification_msg.html
Link: http://www.securityfocus.com/archive/1/archive/1/449501/100/0/threaded
Source: SECUNIA
Name: 22396
Link: http://secunia.com/advisories/22396
Source: SREASON
Name: 2382
Link: http://securityreason.com/securityalert/2382