My Oracle Support Banner

E1: JAS: Malicious Script Attack Messages in JAS Logs (Doc ID 964502.1)

Last updated on APRIL 06, 2020

Applies to:

JD Edwards EnterpriseOne Tools - Version 8.98 and later
Information in this document applies to any platform.




Goal

Issue 1:
The JAS.LOG shows the following error message:

19 Oct 2009 11:10:50,666 [SEVERE] - [RUNTIME] ***Security Alert***
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:RENDER_MAFLET. The scripts are: <details of the E1 script that encountered this error>

 

Issue 2:

When attempting to launch any application from E1 Menu on an HTML Client that is on a Windows 7 with Internet Explorer 8 the following error occurs:

Your session has expired. If your browser does not refresh, please refresh to login again

The user is logged out of EnterpriseOne.  The issue affects all of the workstations that have been upgraded to Windows 7. The issue does not occur on Firefox.  In the JAS.LOG, the following can be observed:

XX Aug 2010 XX:XX:XX,xxx [Line ?] [SEVERE] - [RUNTIME] ***Security Alert***
Malicious script attack has been detected. The user session will be invalidated.
The parameter Name is:RENDER_MAFLET. The scripts are:E1Menu";</SCRIPT><INPUT TYPE=hidden NAME=activeElement><SCRIPT>insertFormHeader("0","W0413MB","","P0413M","Supplier Payment Inquiry - Work with Payments","Errors and Warnings",false,"Help","About (Ctrl Shift J)","Item Help",0,0,"W0413MB","","Edit","","1");</SCRIPT><table CELLSPACING=0 CELLPADDING=1 WIDTH=1000class=MenuBar id=

 
HTML code from the Java servlet generated web page was included in the HTTP POST message submitted to the E1 HTML Server (JAS Server). This is a HTML/Javascript  parsing/processing issue for Internet Explorer 8. When E1 HTML Server detects <script> tags in the HTTP POST message, it triggers cross site scripting (XSS) defense introduced in Tools Release 8.98 and ends the user session.

Issue 3:

Can also occur when copy / paste into MOBJ text attachment.


Issue 4:

Can also occur with Tools Release higher than 9.2.x when JAS is restarted while databrowser window is still on.

 

Issue 5

It can occur when specific records are accessed or modified in an application . There is no such error for other records . The records affected had text media object attachments which had image containing reference to an external URL . This external URL was recorded in the logs 

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.