CVE-2005-0873
CVSS 4.3
Published: 2005-05-02 00:00:00
Last modified: 2016-10-17 23:15:15

[Original] Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.


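[CNNVD] Oracle multiple security vulnerabilities (CNNVD-200505-103)

        These vulnerabilities may be local or remote and affect all security properties of Oracle products. An attacker may exploit them to compromise the confidentiality, integrity or availability of the server, or to execute arbitrary code.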
        

- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

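- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links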

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0873
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0873
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-103
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=111168323804203&w=2
(UNKNOWN)  BUGTRAQ  20050324 Oracle Reports Server 10g Vulnerable to XSS
http://www.kb.cert.org/vuls/id/210524
(UNKNOWN)  CERT-VN  VU#210524
http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
(UNKNOWN)  CONFIRM  http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
(UNKNOWN)  CONFIRM  http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
http://www.securityfocus.com/bid/12892
(UNKNOWN)  BID  12892
http://www.securityfocus.com/bid/15134
(UNKNOWN)  BID  15134
http://www.us-cert.gov/cas/techalerts/TA05-292A.html
(UNKNOWN)  CERT  TA05-292A

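- Vulnerability information

Oracle multiple security vulnerabilities
Medium  Cross-site scripting
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        These vulnerabilities may be local or remote and affect all security properties of Oracle products. An attacker may exploit them to compromise the confidentiality, integrity or availability of the server, or to execute arbitrary code.
        

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://www1.itrc.hp.com/service/cki/docDisplay.do?hpweb_printable=true&docId=c00593668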

- Vulnerability information

15050
Oracle Reports Server test.jsp Multiple Parameter XSS
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability description

Oracle Reports Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'desname' or 'repprod' variables upon submission to the test.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2005-03-24 Unknown
2005-03-24 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: remove the test.jsp file from the server.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Oracle October Security Update Multiple Vulnerabilities
Unknown 15134
Yes Yes
2005-10-18 12:00:00 2012-10-23 03:40:00
The following people are credited for the discovery of vulnerabilities listed in the Critical Patch Update: Brian Carr; Sacha Faust of S.P.I. Dynamics, Inc.; Esteban Martínez Fayó of Application Security, Inc.; Alexander Kornbrust of Red Database Securi

- Affected software versions

PeopleSoft PeopleTools 8.46.3
PeopleSoft PeopleTools 8.45.5
PeopleSoft PeopleTools 8.43
PeopleSoft PeopleTools 8.42
PeopleSoft PeopleTools 8.41
PeopleSoft PeopleTools 8.40
PeopleSoft PeopleTools 8.20.7
PeopleSoft PeopleTools 8.20
PeopleSoft PeopleTools 8.19
PeopleSoft PeopleTools 8.18
PeopleSoft PeopleTools 8.17
PeopleSoft PeopleTools 8.16
PeopleSoft PeopleTools 8.15
PeopleSoft PeopleTools 8.14
PeopleSoft PeopleTools 8.13
PeopleSoft PeopleTools 8.12
PeopleSoft PeopleTools 8.11
PeopleSoft PeopleTools 8.10
PeopleSoft CRM 8.9
PeopleSoft CRM 8.8.1
Oracle Workflow 11.5.9 .5
Oracle Workflow 11.5.1
Oracle PeopleSoft Enterprise Customer Relationship Manage 8.9
Oracle Oracle9i Standard Edition 9.2 .6
Oracle Oracle9i Standard Edition 9.2 .0.5
Oracle Oracle9i Standard Edition 9.0.1 .5 FIPS
Oracle Oracle9i Standard Edition 9.0.1 .5
Oracle Oracle9i Standard Edition 9.0.1 .4
Oracle Oracle9i Personal Edition 9.2 .7
Oracle Oracle9i Personal Edition 9.2 .6
Oracle Oracle9i Personal Edition 9.2 .0.5
Oracle Oracle9i Personal Edition 9.0.1 .5 FIPS
Oracle Oracle9i Personal Edition 9.0.1 .5
Oracle Oracle9i Personal Edition 9.0.1 .4
Oracle Oracle9i Enterprise Edition 9.2 .7.0
Oracle Oracle9i Enterprise Edition 9.2 .6.0
Oracle Oracle9i Enterprise Edition 9.2 .0.5
Oracle Oracle9i Enterprise Edition 9.0.1 .5 FIPS
Oracle Oracle9i Enterprise Edition 9.0.1 .5
Oracle Oracle9i Enterprise Edition 9.0.1 .4
Oracle Oracle9i Application Server Web Cache 9.0.3 .1
Oracle Oracle9i Application Server Web Cache 9.0.2 .3
Oracle Oracle9i Application Server 9.2 .0.7
Oracle Oracle9i Application Server 9.2 .0.6
Oracle Oracle9i Application Server 9.0.3 .1
Oracle Oracle9i Application Server 9.0.2 .3
Oracle Oracle8i Standard Edition 8.1.7 .4
Oracle Oracle8i Standard Edition 8.0.6 .3
Oracle Oracle8i Standard Edition 8.0.6
Oracle Oracle8i Enterprise Edition 8.1.7 .4.0
Oracle Oracle8 8.1.7 .4
Oracle Oracle8 8.0.6 .3
Oracle Oracle8 8.0.6
Oracle Oracle10g Standard Edition 10.1 .4.2
Oracle Oracle10g Standard Edition 10.1 .0.4
Oracle Oracle10g Standard Edition 10.1 .0.3.1
Oracle Oracle10g Standard Edition 10.1 .0.3
Oracle Oracle10g Standard Edition 10.1 .0.2
Oracle Oracle10g Personal Edition 10.1 .0.4
Oracle Oracle10g Personal Edition 10.1 .0.3.1
Oracle Oracle10g Personal Edition 10.1 .0.3
Oracle Oracle10g Personal Edition 10.1 .0.2
Oracle Oracle10g Enterprise Edition 10.1 .4.2
Oracle Oracle10g Enterprise Edition 10.1 .0.4
Oracle Oracle10g Enterprise Edition 10.1 .0.3.1
Oracle Oracle10g Enterprise Edition 10.1 .0.3
Oracle Oracle10g Enterprise Edition 10.1 .0.2
Oracle Oracle10g Application Server 10.1.2
Oracle Oracle10g Application Server 10.1 .0.4
Oracle Oracle10g Application Server 10.1 .0.3.1
Oracle Oracle10g Application Server 10.1 .0.3
Oracle Oracle10g Application Server 10.1 .0.2
Oracle Oracle 9i Application Server Release 1 1.0.2 .2
Oracle JD Edwards EnterpriseOne 8.95 _B1
Oracle JD Edwards EnterpriseOne 8.94 _Q1
Oracle JD Edwards EnterpriseOne SP23_K1
Oracle Enterprise Manager Grid Control 10g 10.1 .4
Oracle Enterprise Manager Grid Control 10g 10.1 .3
Oracle Enterprise Manager Database Control 10g 10.1 .0.4
Oracle Enterprise Manager Database Control 10g 10.1 .0.3
Oracle Enterprise Manager Application Server Control 9.0.4 .2
Oracle Enterprise Manager Application Server Control 9.0.4 .1
Oracle Enterprise Manager 9.0.4 .1
Oracle E-Business Suite 11i 11.5.10
Oracle E-Business Suite 11i 11.5.9
Oracle E-Business Suite 11i 11.5.8
Oracle E-Business Suite 11i 11.5.7
Oracle E-Business Suite 11i 11.5.6
Oracle E-Business Suite 11i 11.5.5
Oracle E-Business Suite 11i 11.5.4
Oracle E-Business Suite 11i 11.5.3
Oracle E-Business Suite 11i 11.5.2
Oracle E-Business Suite 11i 11.5.1
Oracle E-Business Suite 11i 11.5
Oracle E-Business Suite 11.0
Oracle Developer Suite 10.1.2
Oracle Developer Suite 9.0.4 .2
Oracle Developer Suite 9.0.4 .1
Oracle Developer Suite 9.0.2 .1
Oracle Collaboration Suite Release 2 9.0.4 .2
Oracle Collaboration Suite Release 1 10.1.1
Oracle Collaboration Suite Release 1
Oracle Clinical 4.5.1
Oracle Clinical 4.5
Oracle Application Server Release 2 10.1.2 .0.2
Oracle Application Server Release 2 10.1.2 .0.1
Oracle Application Server Release 2 10.1.2 .0.0
Oracle Application Server Release 2 9.0.2 .3
Oracle Application Server Release 2 9.0.2 .1
Oracle Application Server 10g 9.0.4 .2
Oracle Application Server 10g 9.0.4 .1
Oracle Application Server 10g 9.0.4
Oracle Application Server 10.1.2 .0.2
HP HP-UX 11.23
HP HP-UX 11.11
HP HP-UX B.11.23
HP HP-UX B.11.11

- Discussion

Various Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite and Applications, and Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne are affected by multiple vulnerabilities.

The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats.

Oracle has released a Critical Patch Update advisory for October 2005 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.

Specific details regarding these vulnerabilities are not currently available.

This record will be updated and split into individual BIDs for each issue as further information is disclosed.

- Exploit

An exploit would not be required for some of these issues such as the SQL injection vulnerabilities. Other issues would likely require exploit code.

The following proof of concept code provided by <oracle_secalert@hushmail.com> is available for DB27:

SQL> exec
sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A
NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA
RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO
N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL);
BEGIN
sys.pbsde.init('AA',TRUE,'MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_A
NN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MA
RY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSO
N_MARY_ANN_DAVIDSON_MARY_ANN_DAVIDSON',NULL); END;

---
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Oracle has released a Critical Patch Update (Critical Patch Update - October 2005) to address these issues. Information regarding obtaining and applying appropriate patches can be found in the referenced Oracle Critical Patch Update.

Pre-installation notes for Oracle Database Server can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333956.1

Pre-installation notes for Oracle Application Server can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333959.1

Pre-installation notes for Oracle Collaboration Suite can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333961.1

Pre-installation notes for Oracle E-Business Suite and Applications can be found at the following location:
http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=333963.1

Pre-installation notes for Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne can be found at the following location:
http://www.peoplesoft.com/corp/en/support/security_index.jsp

A message from "David Litchfield" <davidl@ngssoftware.com> is available that states that some of the vulnerabilities in Oracle Critical Patch Update - October 2005 may not have been successfully fixed by Oracle. Users of affected packages should refer to the referenced message, and contact their vendor for further information on the status of fixes.

HP has released advisory HPSBMA01235 (SSRT051055 rev.0 - HP Oracle for OpenView (OfO) Critical Patch Update October 2005) to identify vulnerable HP packages and fixes. HP advises users of Oracle for Openview who have support contracts with Oracle to obtain Critical Patch Update - October 2005 from Oracle. Users of Oracle for Openview who have support contracts with HP can contact HP for fixes. Please see the referenced advisory for more information.

A message from "NGSSoftware Insight Security Research" <nisr@nextgenss.com> (Oracle October 2005 CPU Problems) states that there is a flaw in the fix for the CTXSYS component of Oracle 8.1.7.4 on all platforms. Please see the referenced message for further details on this issue.

- Related references
