CVE-2009-1968 - Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allo

CVE-2009-1968

Summary

Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.

References

Vulnerable Configurations

cpe:2.3:a:oracle:database_server:10.1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:database_server:10.1.8.3:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	35681
bugtraq	20090716 [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability
confirm	http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
misc	http://dsecrg.com/pages/vul/show.php?id=125
osvdb	55892
sectrack	1022560
secunia	35776
vupen	ADV-2009-1900
xf	oracle-db-ses-unspecified(51754)

Last major update

17-08-2017 - 01:30

Published

14-07-2009 - 23:30

Last modified

17-08-2017 - 01:30