E1: JAS: Malicious Script Attack Messages in JAS Logs
(Doc ID 964502.1)
Last updated on FEBRUARY 03, 2019
Applies to:
JD Edwards EnterpriseOne Tools - Version 8.98 and laterInformation in this document applies to any platform.
Goal
Issue 1:
The JAS.LOG shows the following error message:
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:RENDER_MAFLET. The scripts are: <details of the E1 script that encountered this error>
Issue 2:
When attempting to launch any application from E1 Menu on an HTML Client that is on a Windows 7 with Internet Explorer 8 the following error occurs:
The user is logged out of EnterpriseOne. The issue affects all of the workstations that have been upgraded to Windows 7. The issue does not occur on Firefox. In the JAS.LOG, the following can be observed:
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:RENDER_MAFLET. The scripts are:E1Menu";</SCRIPT><INPUT TYPE=hidden NAME=activeElement><SCRIPT>insertFormHeader("0","W0413MB","","P0413M","Supplier Payment Inquiry - Work with Payments","Errors and Warnings",false,"Help","About (Ctrl Shift J)","Item Help",0,0,"W0413MB","","Edit","","1");</SCRIPT><table CELLSPACING=0 CELLPADDING=1 WIDTH=1000class=MenuBar id=
HTML code from the Java servlet generated web page was included in the HTTP POST message submitted to the E1 HTML Server (JAS Server). This is a HTML/Javascript parsing/processing issue for Internet Explorer 8. When E1 HTML Server detects <script> tags in the HTTP POST message, it triggers cross site scripting (XSS) defense introduced in Tools Release 8.98 and ends the user session.
Issue 3:
Can also occur when copy / paste into MOBJ text attachment.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| References |