Summary
This host is running Oracle HTTP Server and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to Oracle HTTP Server 11g or later,
For updates refer to http://www.oracle.com/technetwork/middleware/ias/downloads/index.html
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'Expect' header from an HTTP request, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
Oracle HTTP Server for Oracle Application Server 10g Release 2.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- IBM WebSphere Application Server JSF Application Information Disclosure Vulnerability
- IBM WebSphere Application Server (WAS) XSS and CSRF Vulnerabilities
- IBM WebSphere Application Server Administration Console DoS vulnerability
- JBoss Enterprise Application Platform Multiple Vulnerabilities
- CUPS Information Disclosure Vulnerability