Nessus Vulnerability Scanner Reports Enterprise Manager Security Issues
Last updated on NOVEMBER 02, 2016
Applies to: Oracle Java CAPS Enterprise Service Bus - Version R6.2 and later
Information in this document applies to any platform.
Running Nessus Vulnerability Scanner version 4.4 against a Java CAPS 6.2 Enterprise Manager reports the following security issues:
--- CGI Generic Injectable Parameter Weakness
Nessus was able to inject innocuous strings into CGI parameters and read them back in the HTTP response. The affected parameters are candidates for extended injection tests such as cross-site scripting checks. This is not a weakness per se; the main purpose of this test is to speed up other scripts. The results may be useful for a human pen-tester.
--- CGI Generic Cross-Site Scripting Vulnerability
--- CGI Generic Cookie Injection Scripting
--- Apache Tomcat Transfer-Encoding Header Vulnerability
The remote Apache Tomcat service is vulnerable to information disclosure or a denial of service attack due to a mishandling of invalid values for the 'Transfer-Encoding' HTTP header as sent by a client.
Upgrade to version 5.5.30 / 6.0.28 or greater.
--- CGI Generic Persistent Cross-Site Scripting Vulnerability
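As an added illustration of the injectable-parameter and Tomcat findings above (example code, not Oracle's or Nessus's own), the Python below classifies whether a probe string comes back raw or HTML-encoded in a constructed response body, and compares a reported Tomcat version against the fixed releases named in the report. The probe string, sample bodies and function names are assumptions made for the example.

```python
import html
import re
from typing import Optional, Tuple

# Constructed probe and sample bodies; not captured from a real Enterprise Manager.
# The probe contains characters that change under HTML escaping, so a raw echo
# can be told apart from a correctly encoded one.
PROBE = 'nessusprobe<"\'>'
SAMPLE_BODIES = {
    "raw": '<p>Results for nessusprobe<"\'></p>',
    "encoded": "<p>Results for nessusprobe&lt;&quot;&#x27;&gt;</p>",
    "absent": "<p>No results</p>",
}

def classify_reflection(body: str, marker: str = PROBE) -> str:
    """Return 'reflected_raw', 'reflected_encoded' or 'not_reflected'.

    A raw echo is the condition the scanner flags as an injectable parameter;
    an encoded echo shows output encoding is applied to that parameter.
    """
    encoded = html.escape(marker, quote=True)
    if encoded == marker:
        raise ValueError("marker must contain characters altered by HTML escaping")
    if marker in body:
        return "reflected_raw"
    if encoded in body:
        return "reflected_encoded"
    return "not_reflected"

# Fixed versions named in the Transfer-Encoding finding, keyed by Tomcat branch.
TOMCAT_FIXED = {(5, 5): (5, 5, 30), (6, 0): (6, 0, 28)}

def parse_tomcat_version(server_header: str) -> Optional[Tuple[int, ...]]:
    """Extract a version tuple from a Server header such as 'Apache Tomcat/6.0.20'."""
    m = re.search(r"Apache[- ]Tomcat/(\d+(?:\.\d+)+)", server_header)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def tomcat_needs_upgrade(version: str) -> Optional[bool]:
    """True if below the fixed release for its branch, False if at or above,
    None for branches the finding does not cover."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = TOMCAT_FIXED.get(parts[:2])
    if fixed is None:
        return None
    return parts < fixed
```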