Oracle.HTTP.Server.XSS
Description
This indicates a possible exploit of Cross-Site Scripting vulnerability in Oracle HTTP Server.
The vulnerability may allow an attacker to execute a malicious script in a victims browser, in the security context of the hosting site, as another user. This can be accomplished via the (1) action, (2) username, or (3) password parameters in an "isqlplus" request. It may allow the theft of cookie based authentication credentials or other attacks.
Affected Products
Oracle HTTP Server 9.2 .0 and earlier versions.
Impact
System compromise: access to authentication credentials and other cookie based information associated with a web site.
Recommended Actions
Apply appropriate patch from the vendor.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |