Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published AlertsRSS Published Alerts
Upcoming AlertsRSS Published Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security
Oracle Workflow CSS Vulnerability wf_route

Name Oracle Workflow CSS Vulnerability wf_route
Systems Affected Oracle Database or Application Server
Severity Low Risk
Category Cross Site Scripting (CSS/XSS)
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Date 20 October 2005 (V 1.00)
Bugno 2005-S072E
Time to fix 236 days


Details
Oracle Workflow is part of the database or application server installation. The parameter end date is vulnerable against XSS/CSS attacks.

Patch Information
Oracle fixed this issue with the patches from the critical patch update october 2005.

History
14-feb-2005 Oracle secalert was informed
15-feb-2003 Bug confirmed
18-oct-2005 Oracle published the Critical Patch Update October 2005 (CPU October 2005)
20-oct-2005 Red-Database-Security published this advisory



2005 by Red-Database-Security GmbH - last update 03-nov-2005

Oracle Workflow

Oracle Workflow is a complete business process management solution embedded in the Oracle database.

Its technology enables modeling, automation, and continuous improvement of business processes, routing information of any type according to user-defined business rules.

Oracle Workflow provides customers a scalable, production workflow system tuned for the high volumes associated with enterprise applications.