CVE-2007-2119
Last modified
CVE-2007-2119 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.. EPSS estimates a 4.35% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server | 9.0.4.3 |
| Oracle | Application Server | 10.1.2.0.2 |
| Oracle | Application Server | 10.1.2.2 |
| Oracle | Database Server | 9.2.0.8 |
| Oracle | Database Server | 10.1.0.5 |
| Oracle | Database Server | 10.2.0.2 |
References
- http://www.us-cert.gov/cas/techalerts/TA07-108A.htmlUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA07-108A.htmlUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-2119?
How severe is CVE-2007-2119?
How do I fix CVE-2007-2119?
Are you affected by CVE-2007-2119?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST