Intrusion Prevention

Oracle.BEA.Weblogic.Server.Console-help.Portal.XSS

Description

This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in BEA WebLogic Server.
The vulnerability is caused by an error in how the vulnerable software handles a specially crafted console-help.portal page. It allows a remote attacker to inject arbitrary HTML and JavaScript code.

Affected Products

Oracle WebLogic Server 10.3

Impact

System compromise

Recommended Actions

Apply the patch available at the following website:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2009.html

CVE References

CVE-2009-1975