Signature Detail

HTTP: Oracle Report Server Cross Site Script Attack

Ths signature detects cross-site scripting attacks against the Oracle report server. Oracle version 10G and earlier is affected.

Extended Description

Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are affected by multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well. Specific details regarding these vulnerabilities are not currently available. This record will be updated and split into individual BIDs for each issue as further information is disclosed.

Affected Products

• Hp hp-ux 11.11.0
• Hp hp-ux 11.23.0
• Hp hp-ux B.11.11
• Hp hp-ux B.11.23
• Oracle application_server 10.1.2.0.2
• Oracle application_server_10g 9.0.4
• Oracle application_server_10g 9.0.4 .1
• Oracle application_server_10g 9.0.4 .2
• Oracle application_server_release_2 10.1.2 .0.0
• Oracle application_server_release_2 10.1.2 .0.1
• Oracle application_server_release_2 10.1.2 .0.2
• Oracle application_server_release_2 9.0.2 .1
• Oracle application_server_release_2 9.0.2 .3
• Oracle clinical 4.5.0
• Oracle clinical 4.5.1
• Oracle collaboration_suite_release_1 10.1.1
• Oracle collaboration_suite_release_1
• Oracle collaboration_suite_release_2 9.0.4 .2
• Oracle developer_suite 10.1.2
• Oracle developer_suite 9.0.2 .1
• Oracle developer_suite 9.0.4 .1
• Oracle developer_suite 9.0.4 .2
• Oracle e-business_suite 11.0.0
• Oracle e-business_suite_11i 11.5.0
• Oracle e-business_suite_11i 11.5.1
• Oracle e-business_suite_11i 11.5.10
• Oracle e-business_suite_11i 11.5.2
• Oracle e-business_suite_11i 11.5.3
• Oracle e-business_suite_11i 11.5.4
• Oracle e-business_suite_11i 11.5.5
• Oracle e-business_suite_11i 11.5.6
• Oracle e-business_suite_11i 11.5.7
• Oracle e-business_suite_11i 11.5.8
• Oracle e-business_suite_11i 11.5.9
• Oracle enterprise_manager 9.0.4 .1
• Oracle enterprise_manager_application_server_control 9.0.4 .1
• Oracle enterprise_manager_application_server_control 9.0.4 .2
• Oracle enterprise_manager_database_control_10g 10.1.0 .0.3
• Oracle enterprise_manager_database_control_10g 10.1.0 .0.4
• Oracle enterprise_manager_grid_control_10g 10.1.0 .3
• Oracle enterprise_manager_grid_control_10g 10.1.0 .4
• Oracle jd_edwards_enterpriseone 8.94.0 Q1
• Oracle jd_edwards_enterpriseone 8.95.0 B1
• Oracle jd_edwards_enterpriseone SP23 K1
• Oracle oracle10g_application_server 10.1.0 .0.2
• Oracle oracle10g_application_server 10.1.0 .0.3
• Oracle oracle10g_application_server 10.1.0 .0.3.1
• Oracle oracle10g_application_server 10.1.0 .0.4
• Oracle oracle10g_application_server 10.1.2
• Oracle oracle10g_enterprise_edition 10.1.0 .0.2
• Oracle oracle10g_enterprise_edition 10.1.0 .0.3
• Oracle oracle10g_enterprise_edition 10.1.0 .0.3.1
• Oracle oracle10g_enterprise_edition 10.1.0 .0.4
• Oracle oracle10g_enterprise_edition 10.1.0.4.2
• Oracle oracle10g_personal_edition 10.1.0 .0.2
• Oracle oracle10g_personal_edition 10.1.0 .0.3
• Oracle oracle10g_personal_edition 10.1.0 .0.3.1
• Oracle oracle10g_personal_edition 10.1.0 .0.4
• Oracle oracle10g_standard_edition 10.1.0 .0.2
• Oracle oracle10g_standard_edition 10.1.0 .0.3
• Oracle oracle10g_standard_edition 10.1.0 .0.3.1
• Oracle oracle10g_standard_edition 10.1.0 .0.4
• Oracle oracle10g_standard_edition 10.1.0 .4.2
• Oracle oracle8 8.0.6
• Oracle oracle8 8.0.6 .3
• Oracle oracle8 8.1.7 .4
• Oracle oracle8i_enterprise_edition 8.1.7.4.0
• Oracle oracle8i_standard_edition 8.0.6
• Oracle oracle8i_standard_edition 8.0.6 .3
• Oracle oracle8i_standard_edition 8.1.7 .4
• Oracle oracle9i_application_server 9.0.2 .3
• Oracle oracle9i_application_server 9.0.3 .1
• Oracle oracle9i_application_server 9.2.0 .0.6
• Oracle oracle9i_application_server 9.2.0 .0.7
• Oracle oracle_9i_application_server_release_1 1.0.2 .2
• Oracle oracle9i_application_server_web_cache 9.0.2 .3
• Oracle oracle9i_application_server_web_cache 9.0.3 .1
• Oracle oracle9i_enterprise_edition 9.0.1 .4
• Oracle oracle9i_enterprise_edition 9.0.1 .5
• Oracle oracle9i_enterprise_edition 9.0.1 .5 FIPS
• Oracle oracle9i_enterprise_edition 9.2.0 .0.5
• Oracle oracle9i_enterprise_edition 9.2.0.6.0
• Oracle oracle9i_enterprise_edition 9.2.0.7.0
• Oracle oracle9i_personal_edition 9.0.1 .4
• Oracle oracle9i_personal_edition 9.0.1 .5
• Oracle oracle9i_personal_edition 9.0.1 .5 FIPS
• Oracle oracle9i_personal_edition 9.2.0 .0.5
• Oracle oracle9i_personal_edition 9.2.0 .6
• Oracle oracle9i_personal_edition 9.2.0 .7
• Oracle oracle9i_standard_edition 9.0.1 .4
• Oracle oracle9i_standard_edition 9.0.1 .5
• Oracle oracle9i_standard_edition 9.0.1 .5 FIPS
• Oracle oracle9i_standard_edition 9.2.0 .0.5
• Oracle oracle9i_standard_edition 9.2.0 .6
• Oracle peoplesoft_enterprise_customer_relationship_manage 8.9
• Oracle workflow 11.5.1
• Oracle workflow 11.5.9 .5
• Peoplesoft crm 8.8.1
• Peoplesoft crm 8.9.0
• Peoplesoft peopletools 8.10.0
• Peoplesoft peopletools 8.11.0
• Peoplesoft peopletools 8.12.0
• Peoplesoft peopletools 8.13.0
• Peoplesoft peopletools 8.14.0
• Peoplesoft peopletools 8.15.0
• Peoplesoft peopletools 8.16.0
• Peoplesoft peopletools 8.17.0
• Peoplesoft peopletools 8.18.0
• Peoplesoft peopletools 8.19.0
• Peoplesoft peopletools 8.20.0
• Peoplesoft peopletools 8.20.7
• Peoplesoft peopletools 8.40.0
• Peoplesoft peopletools 8.41.0
• Peoplesoft peopletools 8.42.0
• Peoplesoft peopletools 8.43.0
• Peoplesoft peopletools 8.45.5
• Peoplesoft peopletools 8.46.3

References

• BugTraq: 15134
• CVE: CVE-2005-0873
• URL: http://www.securityfocus.com/bid/12892