CVE-2007-2119

Name of the Vulnerable Software and Affected Versions Oracle Database Server versions 9.2.0.8 through 10.2.0.2 Oracle Application Server versions 9.0.4.3 through 10.1.2.2.0

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter in the boundary rules.jsp file of the Administration Front End for Oracle Enterprise (Ultra) Search.

Recommendations For Oracle Database Server versions 9.2.0.8 through 10.2.0.2, avoid using the EXPTYPE parameter in the vulnerable boundary rules.jsp file until a fix is available. For Oracle Application Server versions 9.0.4.3 through 10.1.2.2.0, restrict access to the boundary rules.jsp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.