October 19, 2010

Three bugs in Oracle software and a white paper

Oracle has released the October 2010 critical patch update and it is now time to publish some security advisories. I am releasing three bugs this time. An old reflected XSS discovered in 2008 affecting Oracle eBusiness application, an HTTP Response Splitting vulnerability in Sun Java System Web Server and an interesting SOP bypass in JRE/JDK Java applet. As part of the research on the SOP bypass, I am also releasing a short white paper describing a way of leveraging XSRF using Java Applet and the "Compatibility with older browser" feature in Apache Web Server. For more details, see the links below.

Advisory: Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass
Advisory: Oracle Sun Java System Web Server - HTTP Response Splitting
Advisory: Oracle Siebel eBusiness Application – Multiple Cross Site Scripting Vulnerabilities
White Paper: Leveraging XSRF with Apache "Compatibility with older browser" feature and Java Applet

Share - permalink - Comment/Contact me