ID CVE-2009-1968
Summary Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:database_server:10.1.8.3:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bid 35681
bugtraq 20090716 [DSECRG-09-025] Oracle Secure Enterprise Search 10.1.8 Linked XSS vulnerability
confirm http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
misc http://dsecrg.com/pages/vul/show.php?id=125
osvdb 55892
sectrack 1022560
secunia 35776
vupen ADV-2009-1900
xf oracle-db-ses-unspecified(51754)
Last major update 17-08-2017 - 01:30
Published 14-07-2009 - 23:30
Last modified 17-08-2017 - 01:30