Oracle Audit / Hardening
Oracle Security Blog
Oracle Fact Sheets
News & Events
Oracle Workflow CSS Vulnerability wf_monitor
||Oracle Workflow CSS Vulnerability wf_monitor
||Oracle Database or Application Server
||Cross Site Scripting (CSS/XSS)
||Alexander Kornbrust (ak at red-database-security.com)
||20 October 2005 (V 1.00)
|Time to fix
Oracle Workflow is part of the database or application server installation. The parameter response form is vulnerable against XSS/CSS attacks.
Oracle fixed this issue with the patches from the critical patch update october 2005.
14-feb-2005 Oracle secalert was informed
15-feb-2003 Bug confirmed
18-oct-2005 Oracle published the Critical Patch Update October 2005 (CPU October 2005)
20-oct-2005 Red-Database-Security published this advisory
© 2005 by Red-Database-Security GmbH - last update 03-nov-2005
Oracle Workflow is a complete business process management solution embedded in the Oracle database.
Its technology enables modeling, automation, and continuous improvement of business processes, routing information of any type according to user-defined business rules.
Oracle Workflow provides customers a scalable, production workflow system tuned for the high volumes associated with enterprise applications.