Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormEgiXPACKETSTORM:150975
HistoryJan 01, 2019 - 12:00 a.m.

Oracle Application Express AnyChart Flash-Based Cross Site Scripting

2019-01-0100:00:00
EgiX
packetstormsecurity.com
50

EPSS

0.001

Percentile

50.3%

JSON
`------------------------------------------------------------------------------------  
Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability  
------------------------------------------------------------------------------------  
  
  
[-] Software Link:  
  
https://apex.oracle.com/  
  
  
[-] Affected Versions:  
  
All versions prior to 5.1.4.00.08.  
  
  
[-] Vulnerability Description:  
  
The vulnerability is located in the OracleAnyChart.swf file. User input passed through  
the "__externalobjid" GET parameter is not properly sanitized before being passed to the  
"ExternalInterface.call" method. This can be exploited to carry out reflected Cross-Site  
Scripting (XSS) attacks by tricking a victim user into opening an URL like the following:  
  
https://[apex-app]/i/flashchart/anychart_6/swf/OracleAnyChart.swf?__externalobjid=%27))}catch(e){evil_js_code()}//  
  
  
[-] Solution:  
  
Update to version 5.1.4.00.08 or later.  
  
  
[-] Disclosure Timeline:  
  
[13/11/2017] - Both vendors notified (using the [email protected] and [email protected] addresses)  
[14/11/2017] - Acknowledgment received from AnyChart  
[14/11/2017] - Acknowledgment received from Oracle  
[15/11/2017] - AnyChart said this issue has been investigated in 2014 and they sent a security update to Oracle  
[22/11/2017] - Oracle response stating they filed a security bug to track this issue  
[12/01/2018] - Oracle response stating the issue will be fixed in the upcoming Critical Patch Update (CPU)  
[16/01/2018] - Oracle fixed the issue in the January Critical Patch Update (CPU)  
[31/12/2018] - Public disclosure  
  
  
[-] CVE Reference:  
  
The Common Vulnerabilities and Exposures project (cve.mitre.org)  
has assigned the name CVE-2018-2699 to this vulnerability.  
  
  
[-] Credits:  
  
Vulnerability discovered by Egidio Romano.  
  
  
[-] Original Advisory:  
  
http://karmainsecurity.com/KIS-2018-01  
  
  
[-] Other References:  
  
https://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html  
`

Related

prion 1
nvd 1
cvelist 1
cve 1
openvas 1
checkpoint_advisories 1
zdt 1
nessus 1
oracle 1
prion
prion
Design/Logic Flaw
2018-01-18 02:29:00
nvd
nvd
CVE-2018-2699
2018-01-18 02:29:23
cvelist
cvelist
CVE-2018-2699
2018-01-18 02:00:00
cve
cve
CVE-2018-2699
2018-01-18 02:29:23
openvas
openvas
Oracle Database Server 'Application Express' Component Unspecified Vulnerability
2018-01-19 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Application Express AnyChart Flash-Based XSS (CVE-2018-2699)
2019-01-15 00:00:00
zdt
zdt
Oracle Application Express AnyChart Flash-Based Cross Site Scripting Vulnerability
2019-01-03 00:00:00
nessus
nessus
Oracle Database Multiple Vulnerabilities (January 2018 CPU)
2018-01-19 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2018
2018-01-16 00:00:00

EPSS

0.001

Percentile

50.3%

JSON
Related for PACKETSTORM:150975
prion1nvd1cvelist1cve1openvas1checkpoint_advisories1zdt1nessus1oracle1