-----BEGIN PGP SIGNED MESSAGE-----
Team SHATTER Security Advisory
Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter)
August 4, 2008
Oracle Enterprise Manager Database Control 10gR1, 10gR2 and 11g (184.108.40.206)
This vulnerability was discovered and researched by Esteban Martínez Fayó of Application Security Inc.
Cross-site scripting vulnerabilities occur when an attacker tricks a legitimate web application into sending malicious code, generally in the form of a script, to an unsuspecting end user. The attack usually involves crafting a hyperlink with malicious script code embedded within it. A valid user is likely to click this link since it points to a resource on a trusted domain. The link can be posted on a web page, or sent in an instant message, or email. Clicking on the link executes the attacker-injected code in the context of the trusted web application. Typically, the code steals session cookies, which can then be used to impersonate a valid user.
The "REFRESHCHOICE" parameter used in web pages of Oracle Enterprise Manager is vulnerable to cross-site scripting attacks. User-supplied input to this parameter is returned without proper sanitization, allowing an attacker to inject arbitrary scripting code.
Attackers might steal an administrator's session cookies, thereby allowing the attacker to impersonate the valid user.
Vendor was contacted and a patch was released.
There is no workaround for this issue.
Apply Oracle Critical Patch Update July 2008 available at Oracle Metalink.
Vendor Notification - 12/27/2007
Vendor Response - 12/27/2007
Fix - 7/15/2008
Public Disclosure - 7/23/2008
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
-----END PGP SIGNATURE-----
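
For sites reviewing web server logs for requests that abused the REFRESHCHOICE parameter described above, the following is an added example (not part of the advisory and not Oracle or Team SHATTER code) that flags log entries whose REFRESHCHOICE value decodes to markup characters. It assumes Common Log Format access logs; the path /em/example/page, the value "manual" and the sample lines are constructed placeholders, and the check assumes legitimate values never contain markup characters.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Characters that let a reflected value break out of HTML text or a quoted attribute.
MARKUP_CHARS = re.compile(r"[<>\"'`]")
# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253C -> %3C -> <), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_refreshchoice(log_line):
    """Return the decoded REFRESHCHOICE value if it carries markup characters, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    # parse_qsl performs the first round of decoding; fully_decode handles nesting.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.upper() == "REFRESHCHOICE":  # match the name case-insensitively
            decoded = fully_decode(value)
            if MARKUP_CHARS.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line, 1-indexed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_refreshchoice(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample lines (documentation addresses, placeholder path).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Aug/2008:10:00:01 +0000] "GET /em/example/page?REFRESHCHOICE=manual HTTP/1.1" 200 5120',
    '192.0.2.44 - - [04/Aug/2008:10:02:17 +0000] "GET /em/example/page?target=db1&refreshChoice=%22%3E%3Cscript%3E HTTP/1.1" 200 5230',
    '192.0.2.44 - - [04/Aug/2008:10:02:40 +0000] "GET /em/example/page?REFRESHCHOICE=%253Cb%253E HTTP/1.1" 200 5198',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: REFRESHCHOICE decodes to {value!r}")
```

Values submitted in a POST body do not appear in access logs, so this check only covers query-string delivery.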