| Field | Value |
|---|---|
| VID | 22047 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The PL/SQL module supplied with Oracle9iAS is vulnerable to cross-site scripting. An attacker can construct a link to the script that includes malicious script code. When a web user clicks the link, the script code is executed by the client in the context of the affected site. An attacker may exploit this to steal cookie-based authentication credentials, which permits hijacking an HTTP session and performing actions as a legitimate user. References: http://www.cert.org/advisories/CA-2000-02.html, http://www.kb.cert.org/vuls/id/798611 |
| Recommendation | Download and install the patch from the Metalink site, http://metalink.oracle.com. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |