Vulnerabilities > CVE-2005-0873 - Remote Cross-Site Scripting vulnerability in Oracle 10G Reports Server 9.0.4.3.3

CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
oracle
nessus
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.

Vulnerable Configurations

Part Description Count
Application
Oracle
1

Exploit-Db

descriptionOracle Reports Server 10g Multiple Remote Cross-Site Scripting Vulnerabilities. CVE-2005-0873. Webapps exploit for jsp platform
idEDB-ID:25269
last seen2016-02-03
modified2005-03-24
published2005-03-24
reporterPaolo
sourcehttps://www.exploit-db.com/download/25269/
titleOracle Reports Server 10g Multiple Remote Cross-Site Scripting Vulnerabilities

Nessus

NASL familyDatabases
NASL idORACLE_REPORT_SERVER_XSS.NASL
descriptionThe remote host is running Oracle Report Server, a reporting application. The remote version of this software contains a cross-site scripting vulnerability that may allow an attacker to use the remote host to perform a cross-site scripting attack.
last seen2020-06-01
modified2020-06-02
plugin id17614
published2005-03-24
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17614
titleOracle Reports Server test.jsp Multiple Parameter XSS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration branch: when the scanner evaluates the plugin with
# `description` set, only the metadata below is declared and the script
# exits (exit(0) at the end of the branch) before any network traffic.
if (description)
{
 # Plugin identity and revision stamp.
 script_id(17614);
 script_version("1.19");
 script_cvs_date("Date: 2018/07/18 17:43:55");

 # External references for the finding (CVE and Bugtraq ids).
 script_cve_id("CVE-2005-0873");
 script_bugtraq_id(12892);

 script_name(english:"Oracle Reports Server test.jsp Multiple Parameter XSS");
 script_summary(english:"Tests for a XSS in Oracle Reporting Server");

 script_set_attribute(attribute:"synopsis", value:
"The remote host has an application that is affected by a cross-site
scripting vulnerability.");
 # NOTE(review): the report text below reads "contains to a"; it is a
 # user-facing string, so it is left untouched here.
 script_set_attribute(attribute:"description", value:
"The remote host is running Oracle Report Server, a reporting
application.  The remote version of this software contains to a
cross-site scripting vulnerability that may allow an attacker to use the
remote host to perform a cross-site scripting attack.");
 # NOTE(review): the remediation names 'reports/Tools/test.jsp', while the
 # check in this file requests '/reports/examples/Tools/test.jsp' -- confirm
 # which path operators should actually restrict.
 script_set_attribute(attribute:"solution", value:"Disable access to the file 'reports/Tools/test.jsp'");
 # CVSS v2 base vector: network-reachable, medium access complexity, no
 # authentication, partial integrity impact, no confidentiality or
 # availability impact.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
 # CVSS v2 temporal vector: proof-of-concept exploit, official fix
 # available, report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 # CWE-79 is cross-site scripting and CWE-20 / CWE-74 are its input
 # validation and injection parents; the remaining ids look like CWE
 # category/view entries rather than specific weaknesses -- TODO confirm.
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 # NOTE(review): the vulnerability publication date (2005/03/25) is one day
 # later than the plugin publication date (2005/03/24) -- confirm.
 script_set_attribute(attribute:"vuln_publication_date", value:"2005/03/25");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/03/24");

 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:10g_reports_server");
 # Closes the attribute list; all script_set_attribute calls precede it.
 script_end_attributes();

 # Declared as an information-gathering check.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Databases");

 # Scheduling constraints: the listed plugins run first, and the check is
 # only attempted when a web service port and the "www/OracleApache" KB key
 # are present (presumably set by one of the dependencies -- verify).
 script_dependencie("find_service1.nasl", "http_version.nasl");
 script_require_ports("Services/www", 80);
 script_require_keys("www/OracleApache");
 exit(0);
}

# Check starts here

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Resolve the HTTP port to test (falls back to 80).
port = get_http_port(default:80);

# Skip ports already recorded under the generic_xss KB key: presumably an
# earlier check found that the server reflects arbitrary input, so a
# reflection seen here would not be specific to test.jsp -- verify.
generic_xss_key = string("www/", port, "/generic_xss");
if (get_kb_item(generic_xss_key)) exit(0);

# Single GET carrying a harmless script-tag marker in the query string.
res = http_send_recv3(
  method: "GET",
  item:   "/reports/examples/Tools/test.jsp?repprod<script>foo</script>",
  port:   port
);
if (isnull(res)) exit(1, "the web server did not answer");

# res[2] is the response body. The finding is raised only when the marker
# comes back verbatim, surrounded by spaces, i.e. without output encoding.
# Status code and Content-Type are not inspected, so a hit should be
# confirmed manually before remediation is prioritised.
body = res[2];
if (' repprod<script>foo</script> ' >< body)
{
  security_warning(port);
  # Record the result in the KB under the per-port XSS key.
  set_kb_item(name: string("www/", port, "/XSS"), value: TRUE);
}

Saint

bid15134
descriptionOracle Security Component sys.pbsde buffer overflow
iddatabase_oracle_version
osvdb20612
titleoracle_security_pbsde
typeremote