Intrusion Prevention

Oracle.HTTP.Server.XSS

Description

This indicates a possible exploit of Cross-Site Scripting vulnerability in Oracle HTTP Server.
The vulnerability may allow an attacker to execute a malicious script in a victims browser, in the security context of the hosting site, as another user. This can be accomplished via the (1) action, (2) username, or (3) password parameters in an "isqlplus" request. It may allow the theft of cookie based authentication credentials or other attacks.

Affected Products

Oracle HTTP Server 9.2 .0 and earlier versions.

Impact

System compromise: access to authentication credentials and other cookie based information associated with a web site.

Recommended Actions

Apply appropriate patch from the vendor.

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	10478
Created	Aug 10, 2005
Updated	Jun 09, 2022
Risk
CVE ID	CVE-2004-2115
Exploit Prediction Score	95.88%
Default Action	drop
Active
Affected OS	Windows, Linux, Other
Affected App	Oracle

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

Oracle.HTTP.Server.XSS

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

Oracle.HTTP.Server.XSS

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center