lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051020063950.31774.qmail@securityfocus.com>
Date: 20 Oct 2005 06:39:50 -0000
From: ak@...-database-security.com
To: bugtraq@...urityfocus.com
Subject: Oracle Workflow CSS Vulnerability wf_route


Dear Reader,

The Oracle Critical Patch Update October 2005 provides fixes for 2 Cross-Site-
Scripting vulnerabilities in Oracle Workflow found by Red-Database-Security GmbH. 

I know that the severity and impact of CSS bugs is low. My critical security bugs
in Oracle (e.g. become DBA via the import utility or security problems in 
Transparent Data Encryption (TDE)) are still unfixed.

The following (remote exploitable) bug for example is now unfixed since 800 (!) 
days ( = 19.200 hours).
http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html

If you think that 800 days are a little bit too long you should contact 
Oracle and ask for the reason. If you are lucky you will get patches from Oracle 
with the next critical patch update january 2006 (= 889 days later) or april
2006 (=980 days later).

A list of upcoming security issues is available here:
http://www.red-database-security.com/advisory/upcoming_alerts.html


Regards

 Alexander Kornbrust



Oracle Workflow CSS Vulnerability wf_route
############################################

 Name                Oracle Workflow CSS Vulnerability wf_route 
 Systems Affected    Oracle Database or Application Server 
 Severity            Low Risk  
 Category            Cross Site Scripting 
 Vendor URL          http://www.oracle.com/technology/deploy/security/pdf/cpuoct2005.html
 This Advisory       http://www.red-database-security.com/advisory/oracle_workflow_css_wf_route.html  
 Author              Alexander Kornbrust (ak at red-database-security.com)  
 Date                20 October 2005 (V 1.00)  
 Bugnumber           2005-S072E
 Time to fix         236 days

 
Details
#######
Oracle Workflow is part of the database or application server installation. The parameter end date is vulnerable against XSS/CSS attacks. 


Testcase
########
Run the URL http://server:7778/pls/owf_mgr/wf_route.CreateRule and add javascript code into the field "end date"


Patch Information
#################
Oracle fixed this issue with the patches from the critical patch update october 2005.

All already published alerts are available on the web site of Red-Database-Security GmbH
http://www.red-database-security.com/advisory/published_alerts.html


History
#######
14-feb-2005 Oracle secalert was informed
15-feb-2003 Bug confirmed
18-oct-2005 Oracle published the Critical Patch Update October 2005 (CPU October 2005)
20-oct-2005 Red-Database-Security published this advisory


(c) 2005 by Red-Database-Security GmbH


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ