Oracle Application Server XSQL Stylesheet Arbitrary Java Code Execution

This script is Copyright (C) 2001-2014 Matt Moore

Synopsis :

Arbitrary code can be run on the remote host.

Description :

The Oracle XSQL Servlet lets a remote attacker execute arbitrary Java code
by supplying the URL of a malicious XSLT stylesheet (through the
xml-stylesheet request parameter) when requesting an XSQL page. The
servlet fetches and applies the attacker's stylesheet, and because the
Oracle XSLT processor supports Java extension functions, that stylesheet
can run arbitrary Java code with the privileges of the servlet.

Solution :

Until Oracle changes the default behavior of the XSQL servlet to
disallow client-supplied stylesheets, use the following workaround:
add allow-client-style='no' to the document element of every XSQL
page on the server.

This plugin tests for the vulnerability using the sample page
airport.xsql, which ships with the Oracle XSQL servlet. Sample code
should always be removed from production systems.
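
As an added example (not part of the Nessus plugin or of Oracle's XSQL
kit), the following Python script audits a directory of .xsql pages for
the workaround above: it parses each page and reports whether the
document element carries allow-client-style='no'. The two embedded sample
pages are constructed for the demo; only the page element, the
urn:oracle-xsql namespace and the allow-client-style attribute follow
Oracle's documented XSQL page syntax. File names and function names are
the example's own.

```python
"""Audit XSQL pages for the allow-client-style='no' workaround.

Added example, not the Nessus plugin's or Oracle's code. Walks a directory
tree, parses every *.xsql page and flags pages whose document element does
not carry allow-client-style="no" (Oracle's default is to allow a
client-supplied stylesheet, so a missing attribute means vulnerable).
"""
import os
import sys
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample page: default behaviour, a client may override the
# stylesheet through the xml-stylesheet request parameter.
WEAK_PAGE = """<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="airport.xsl"?>
<page connection="demo" xmlns:xsql="urn:oracle-xsql">
  <xsql:query max-rows="10">
    SELECT tla, description FROM airport ORDER BY tla
  </xsql:query>
</page>
"""

# Constructed sample page: the same page with the workaround applied on
# the document element.
HARDENED_PAGE = """<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="airport.xsl"?>
<page connection="demo" xmlns:xsql="urn:oracle-xsql" allow-client-style="no">
  <xsql:query max-rows="10">
    SELECT tla, description FROM airport ORDER BY tla
  </xsql:query>
</page>
"""


def client_style_allowed(xsql_source: str) -> bool:
    """Return True when the page still honours a client-supplied stylesheet.

    Only an explicit allow-client-style="no" on the document element turns
    the feature off. A page that does not parse is reported as allowed so
    that a broken page is flagged for review rather than silently passed.
    """
    try:
        root = ET.fromstring(xsql_source)
    except ET.ParseError:
        return True
    value = root.attrib.get("allow-client-style", "yes")
    return value.strip().lower() != "no"


def audit_tree(top: str) -> dict:
    """Map each *.xsql path under `top` to True (vulnerable) or False (hardened)."""
    results = {}
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            if name.lower().endswith(".xsql"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    results[path] = client_style_allowed(fh.read())
    return results


def demo() -> dict:
    """Write the two constructed samples to a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = (("airport.xsql", WEAK_PAGE), ("airport_fixed.xsql", HARDENED_PAGE))
        for name, body in samples:
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return {os.path.basename(p): v for p, v in audit_tree(tmp).items()}


if __name__ == "__main__":
    # Usage: python audit_xsql.py /path/to/document/root
    # With no argument the two constructed samples are audited instead.
    report = audit_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, vulnerable in sorted(report.items()):
        print(f"{'VULNERABLE' if vulnerable else 'ok        '}  {path}")
    sys.exit(1 if any(report.values()) else 0)
```

Run it against the web server's document root; every page listed as
VULNERABLE needs the attribute added, and any demo pages it turns up
(airport.xsql among them) should be deleted rather than patched.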

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.5

Family: Databases

Nessus Plugin ID: 10594

Bugtraq ID: 2295

CVE ID: CVE-2001-0126