Vulnerabilities > CVE-2005-3202 - Cross-Site Scripting vulnerability in Oracle HTML DB 1.3/1.3.6

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
oracle
nessus

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.

Vulnerable Configurations

Part Description Count
Application
Oracle
2

Nessus

  • NASL familyDatabases
    NASL idORACLE_MULTIPLE.NASL
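    descriptionAccording to its version number, the installation of Oracle on the remote host is reportedly subject to multiple vulnerabilities, some of which don't require authentication. They may allow an attacker to craft SQL queries such that they would be able to retrieve any file on the system and potentially retrieve and/or modify confidential data on the target's Oracle server.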
    last seen2020-06-01
    modified2020-06-02
    plugin id18034
    published2005-04-13
    reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18034
    titleOracle Database 10g Multiple Remote Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    
    include("compat.inc");
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and leaves through the exit(0) that closes this block.
    if (description) {
      script_id(18034);
      script_version("1.32");
    
      # Four CVEs share this single plugin id, CVE-2005-3202 among them.
      script_cve_id(
        "CVE-2004-1774",
        "CVE-2005-3202",
        "CVE-2005-3203",
        "CVE-2005-4832"
      );
      script_bugtraq_id(
        13145,
        13144,
        13139,
        13238,
        13236,
        13235,
        13234,
        13239,
        15031,
        15033
      );
    
      script_name(english:"Oracle Database 10g Multiple Remote Vulnerabilities");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote database server suffers from multiple flaws." );
     script_set_attribute(attribute:"description", value:
    "According to its version number, the installation of Oracle on the
    remote host is reportedly subject to multiple vulnerabilities, some of
    which don't require authentication.  They may allow an attacker to
    craft SQL queries such that they would be able to retrieve any file on
    the system and potentially retrieve and/or modify confidential data on
    the target's Oracle server." );
     # NOTE(review): the "solution" attribute carries advisory links only; it
     # states no remediation step itself.
     script_set_attribute(attribute:"solution", value:
    "http://www.red-database-security.com/advisory/oracle_htmldb_css.html
    http://www.red-database-security.com/advisory/oracle_htmldb_plaintext_password.html
    http://www.oracle.com/technetwork/topics/security/cpuapr2005-132777.pdf" );
      # NOTE(review): the base vector uses AC:L, while the CVSS summary published
      # for CVE-2005-3202 rates attack complexity as Medium. Presumably the
      # vector describes the whole CVE bundle - confirm before prioritising on it.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    script_set_attribute(attribute:"exploithub_sku", value:"EH-11-844");
     script_set_attribute(attribute:"exploit_framework_exploithub", value:"true");
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/13");
     script_set_attribute(attribute:"vuln_publication_date", value: "2004/09/01");
     script_set_attribute(attribute:"patch_publication_date", value: "2005/04/12");
     script_cvs_date("Date: 2018/07/18 17:43:55");
    script_set_attribute(attribute:"plugin_type", value:"remote");
    script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
    script_end_attributes();
    
     
      script_summary(english:"Checks for multiple remote vulnerabilities in Oracle Database");
      # ACT_GATHER_INFO plugin that declares oracle_tnslsnr_version.nasl as a
      # dependency and requires the port recorded under Services/oracle_tnslsnr.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
      script_family(english:"Databases");
      script_dependencie("oracle_tnslsnr_version.nasl");
      script_require_ports("Services/oracle_tnslsnr");
    
      exit(0);
    }
    
    # Marked broken by the plugin author: this unconditional exit ends the run
    # before any lookup, so nothing below executes and no finding is ever
    # reported. A clean result from this plugin therefore says nothing about
    # whether the host is patched.
    exit(0);
    
    # ---- Unreachable while the exit above is in place ----
    
    # Port of the Oracle TNS listener, as recorded in the knowledge base.
    port = get_kb_item("Services/oracle_tnslsnr");
    if (isnull(port))
    {
      exit(0);
    }
    
    # Listener version string stored under oracle_tnslsnr/<port>/version.
    version_key = string("oracle_tnslsnr/", port, "/version");
    version = get_kb_item(version_key);
    
    # The decision rests on the version string alone; installed patches are not
    # examined. NOTE(review): a host patched without a change to that string
    # would presumably still match - verify before relying on this check.
    vuln_version_re = ".*Version (8\.(0\.|1\.([0-6]\.|7\.[0-4]))|9\.(0\.(0\.|1\.[0-5]|2\.[0-6]|3\.[0-1]|4\.[0-1])|2\.0\.[0-6])|10\.(0\.|1\.0\.[0-4])|11\.([0-4]\.|5\.[0-9][^0-9]))";
    if (version)
    {
      if (ereg(pattern:vuln_version_re, string:version))
      {
        security_hole(port);
      }
    }
    
  • NASL familyDatabases
    NASL idORACLE_RDBMS_CPU_OCT_2005.NASL
    descriptionThe remote Oracle database server is missing the October 2005 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components : - Change Data Capture - Data Guard Logical Standby - Data Pump Export - Database Scheduler - Export - Locale - Materialized Views - Objects Extension - Oracle HTTP Server - Oracle Intelligent Agent - Oracle Internet Directory - Oracle Label Security - Oracle Security Service - Oracle Single Sign-On - Oracle Spatial - Oracle Workflow Cartridge - PL/SQL - Programmatic Interface - Security - Workspace Manager
    last seen2020-06-02
    modified2011-11-16
    plugin id56050
    published2011-11-16
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56050
    titleOracle Database Multiple Vulnerabilities (October 2005 CPU)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    include('compat.inc');
    
    # Registration branch: when `description` is set the script only declares
    # its metadata and leaves through the exit(0) that closes this block.
    if (description)
    {
      script_id(56050);
      script_version("1.13");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01");
    
      # Six CVEs share this single plugin id, CVE-2005-3202 among them.
      script_cve_id(
        "CVE-2005-3202",
        "CVE-2005-3203",
        "CVE-2005-3204",
        "CVE-2005-3205",
        "CVE-2005-3206",
        "CVE-2005-3207"
      );
      script_bugtraq_id(
        15030,
        15031,
        15032,
        15033,
        15034,
        15039
      );
    
      script_name(english:"Oracle Database Multiple Vulnerabilities (October 2005 CPU)");
      script_summary(english:"Checks installed patch info");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server is affected by multiple vulnerabilities.");
    
      script_set_attribute(attribute:"description", value:
    "The remote Oracle database server is missing the October 2005
    Critical Patch Update (CPU) and therefore is potentially affected by
    security issues in the following components :
    
      - Change Data Capture
    
      - Data Guard Logical Standby
    
      - Data Pump Export
    
      - Database Scheduler
    
      - Export
    
      - Locale
    
      - Materialized Views
    
      - Objects Extension
    
      - Oracle HTTP Server
    
      - Oracle Intelligent Agent
    
      - Oracle Internet Directory
    
      - Oracle Label Security
    
      - Oracle Security Service
    
      - Oracle Single Sign-On
    
      - Oracle Spatial
    
      - Oracle Workflow Cartridge
    
      - PL/SQL
    
      - Programmatic Interface
    
      - Security
    
      - Workspace Manager");
    
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81b9fa6c");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate patch according to the October 2005 Oracle
    Critical Patch Update advisory.");
      # AC:M here agrees with the Medium attack complexity in the CVSS summary
      # published for CVE-2005-3202.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE-79 (cross-site scripting) is the only weakness class declared.
      # NOTE(review): six CVEs are listed above; do not assume this tag
      # describes all of them - confirm per CVE.
      script_cwe_id(79);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/10/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/11/16");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:database_server");
      script_set_attribute(attribute:"agent", value:"all");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Depends on the two patch-info collectors named below. Presumably the
      # patch inventory they gather is what the check evaluates - TODO confirm,
      # their code is not visible here.
      script_dependencies("oracle_rdbms_query_patch_info.nbin", "oracle_rdbms_patch_info.nbin");
    
      exit(0);
    }
    
    include("oracle_rdbms_cpu_func.inc");
    
    ################################################################################
    # OCT2005
    # Patch table for the October 2005 CPU, keyed as
    # patches[<base version>]["db"][<platform>]; each entry holds a "patch_level"
    # string and a "CPU" value (presumably the Oracle patch number - confirm).
    patches = make_nested_array();
    
    # RDBMS 10.1.0.4
    patches["10.1.0.4"]["db"]["nix"] = make_array("patch_level", "10.1.0.4.3", "CPU", "4567866");
    patches["10.1.0.4"]["db"]["win32"] = make_array("patch_level", "10.1.0.4.6", "CPU", "4579182");
    # RDBMS 10.1.0.3
    patches["10.1.0.3"]["db"]["nix"] = make_array("patch_level", "10.1.0.3.4", "CPU", "4567863");
    patches["10.1.0.3"]["db"]["win32"] = make_array("patch_level", "10.1.0.3.10", "CPU", "4567518");
    
    # Only 10.1.0.3 and 10.1.0.4 appear in the table. NOTE(review): how
    # check_oracle_database treats a release that is not listed is decided in
    # oracle_rdbms_cpu_func.inc, which is not visible here - confirm before
    # reading "no finding" on another release as "not affected".
    check_oracle_database(patches:patches);