Intrusion PreventionOracle.WebLogic.Server.Console-help.Portal.XSS
Description
This indicates an attack attempt against a cross-site scripting (XSS) vulnerability in BEA Weblogic Server.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted console-help.portal page. It allows a remote attacker to inject arbitrary HTML and JavaScript code.
Affected Products
Oracle Weblogic Server 10.3
Impact
System compromise
Recommended Actions
Apply the patch available at the following website:
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-12-22 | 16.984 | Name:Oracle. BEA. Weblogic. Server. Console-help. Portal. XSS:Oracle. WebLogic. Server. Console-help. Portal. XSS |
| 2018-10-16 | 13.473 | Sig Added |
| ID | 17687 |
| Created | Sep 11, 2009 |
| Updated | Nov 15, 2021 |
| Risk |
|
| CVE ID | CVE-2009-1975 |
| Exploit Prediction Score | 92.67% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Oracle |