Intrusion Prevention

Oracle.Secure.Enterprise.Search.CVE-2009-1968.Linked.XSS

Description

This indicates an attack attempt against a cross-site scripting vulnerability in Oracle Secure Enterprise Search.
This is possible because the user input filters fail to properly sanitize the search_p_groups value that is passed to "/search/query/search". An attacker may include script by supplying an injection string through the URL.

Affected Products

Oracle Secure Enterprise Search 10.1.8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's web site for the suggested workaround:

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2024-07-16	28.827	Modified	Name:Oracle. Secure. Enterprise. Search. Linked. XSS:Oracle. Secure. Enterprise. Search. CVE-2009-1968. Linked. XSS
2018-10-16	13.473	Modified	Sig Added

ID	17596
Created	Aug 13, 2009
Updated	Jul 15, 2024
CVE ID
Risk
Exploit Prediction Score	31.82%
Default Action	drop
Active
Affected OS	Windows, Linux
Affected App	Oracle
Profile Type	XSS

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

Oracle.Secure.Enterprise.Search.CVE-2009-1968.Linked.XSS

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

Oracle.Secure.Enterprise.Search.CVE-2009-1968.Linked.XSS

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

Threat Intelligence
Center