Oracle Containers for J2EE Component Unspecified XSS

medium Nessus Plugin ID 71899

Synopsis

The remote host is affected by an unspecified cross-site scripting issue.

Description

The remote Oracle Application Server is affected by an unspecified cross-site scripting vulnerability. Specifically, installations that do not set the 'HttpOnly' flag in session cookies are vulnerable.

Solution

See Oracle's Doc ID 1586861.1 for configuration change instructions that mitigate this vulnerability by setting the 'HttpOnly' flag in session cookies.

See Also

https://support.oracle.com/epmos/faces/DocumentDisplay?id=1586861.1

http://www.nessus.org/u?ac29c174

Plugin Details

Severity: Medium

ID: 71899

File Name: oracle_containers_cve_2013_5773.nasl

Version: 1.8

Type: remote

Published: 1/10/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:oracle:fusion_middleware

Exploit Ease: No exploit is required

Patch Publication Date: 10/15/2013

Vulnerability Publication Date: 10/15/2013

Reference Information

CVE: CVE-2013-5773

BID: 63066

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990