Services
Oracle Audit / Hardening
Security Training
Consulting
Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts
News & Events
Events
News
Company
Contact
People
Partner
Impressum
Sitemap
Search
|
Oracle Workflow CSS Vulnerability wf_monitor
Name |
Oracle Workflow CSS Vulnerability wf_monitor |
Systems Affected |
Oracle Database or Application Server |
Severity |
Low Risk |
Category |
Cross Site Scripting (CSS/XSS) |
Vendor URL |
http://www.oracle.com/ |
Author |
Alexander Kornbrust (ak at red-database-security.com) |
Date |
20 October 2005 (V 1.00) |
Bugno |
2005-S071E |
Time to fix |
236 days |
Details
Oracle Workflow is part of the database or application server installation. The parameter response form is vulnerable against XSS/CSS attacks.
Patch Information
Oracle fixed this issue with the patches from the critical patch update october 2005.
History
14-feb-2005 Oracle secalert was informed
15-feb-2003 Bug confirmed
18-oct-2005 Oracle published the Critical Patch Update October 2005 (CPU October 2005)
20-oct-2005 Red-Database-Security published this advisory
© 2005 by Red-Database-Security GmbH - last update 03-nov-2005
|
Oracle Workflow
Oracle Workflow is a complete business process management solution embedded in the Oracle database.
Its technology enables modeling, automation, and continuous improvement of business processes, routing information of any type according to user-defined business rules.
Oracle Workflow provides customers a scalable, production workflow system tuned for the high volumes associated with enterprise applications.
|