Oracle BI Publisher Enterprise 10: Response Splitting Vulnerability

Users of Oracle BI Publisher Enterprise 10 please be advised of a Response Splitting vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

DSECRG-09-029: [DSECRG-09-029] Oracle BI Publisher Enterprise 10 – Response Splitting
Description

***********

Response Splitting Vulnerability found in Oracle Business Intelligence (BI Publisher Enterprise)

This vulnerability may be used as XSS or for Phishing user (PHiXSS) credentials using fake response from serverRead more at http://www.criticalwatch.com

 

Advertisements