OUCSS - Security Vulnerability – Clickjacking (Doc ID 2016299.1)

Last updated on JANUARY 03, 2017

Applies to:

Oracle Utilities Customer Self Service - Version 2.1.0.1 to 2.1.0.1 [Release 2.1]
Information in this document applies to any platform.

Clickjacking occurs when a malicious website loads a legitimate page inside an iframe and layers it with attacker-controlled content: either the legitimate page is made transparent and placed on top of the attacker's decoy, or an invisible attacker-controlled layer is placed over the legitimate page. The attacker aligns the UI elements so that when the user thinks they are clicking what they can see, the click actually lands on a control the attacker chose, typically a button in the legitimate application that performs a state-changing action in the victim's authenticated session. By employing this technique the victim’s click has been “hijacked”.

Real world examples of clickjacking include exploits on embedded Twitter Follow buttons and Facebook Like buttons. In these attacks, the malicious website imports the “Follow” or “Like” button in an iframe, makes it transparent (or nearly so), and places a decoy image underneath it. The user believes they are clicking on the visible decoy, while their click is actually performing a “follow” or “like” action on Twitter or Facebook, respectively.
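The following is an added example and is not code from the Oracle document or from OUCSS. It writes out the overlay technique described above as the attacker page a tester would build in a lab (decoy button visible, legitimate page in a transparent iframe positioned so its real button sits over the decoy), and pairs it with the check a practitioner wants next: whether a response's X-Frame-Options / Content-Security-Policy frame-ancestors headers would actually stop a given origin from framing the page. All URLs, origins, pixel offsets and header sets below are constructed for the example.

```javascript
// Added example (not from the Oracle document, not OUCSS code).

// Build the attacker-controlled page. The decoy button is what the victim
// sees; the legitimate page is loaded in a transparent iframe shifted by
// (offsetX, offsetY) so that its real button lands exactly on the decoy.
// targetUrl and the offsets are hypothetical values supplied by the caller.
function buildClickjackPage(targetUrl, decoyLabel, offsetX, offsetY) {
  return `<!doctype html>
<html><body style="margin:0">
<button style="position:absolute;left:100px;top:100px">${decoyLabel}</button>
<iframe src="${targetUrl}"
        style="position:absolute;left:${100 - offsetX}px;top:${100 - offsetY}px;
               width:1200px;height:800px;opacity:0;border:0;z-index:10"></iframe>
</body></html>`;
}

// Match one CSP frame-ancestors source expression against a framing origin.
// Supports exact origins, scheme-only sources ("https:") and host wildcards
// ("*.example.com", optionally with a scheme). Keyword sources are handled
// by the caller.
function matchesSource(src, origin) {
  if (src === origin) return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return origin.startsWith(src + '//');
  const m = src.match(/^(?:([a-z]+):\/\/)?\*\.(.+)$/);
  if (m) {
    const [scheme, host] = [m[1], m[2]];
    const u = new URL(origin);
    return u.hostname.endsWith('.' + host) && (!scheme || u.protocol === scheme + ':');
  }
  return false;
}

// Decide whether a page at framerOrigin may embed the response whose headers
// are given. A frame-ancestors directive takes precedence over
// X-Frame-Options, which is what current browsers do when both are present.
// Returns true when nothing in the headers blocks framing (i.e. clickjackable).
function isFramingAllowed(headers, framerOrigin, targetOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const csp = h['content-security-policy'];
  if (csp) {
    const directive = csp.split(';').map(s => s.trim())
      .find(s => s.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1)
        .map(s => s.replace(/^'|'$/g, '').toLowerCase());
      if (sources.includes('none')) return false;
      if (sources.includes('*')) return true;
      if (sources.includes('self') && framerOrigin === targetOrigin) return true;
      return sources.some(src => matchesSource(src, framerOrigin));
    }
  }

  const xfo = h['x-frame-options'];
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return false;
    if (v === 'SAMEORIGIN') return framerOrigin === targetOrigin;
    // ALLOW-FROM is obsolete and ignored by modern browsers: no protection.
  }
  return true;
}

// Constructed header sets standing in for responses from a self-service portal.
const SAMPLE_HEADERS = {
  unprotected:   { 'Content-Type': 'text/html' },
  xfoDeny:       { 'X-Frame-Options': 'DENY' },
  xfoSameOrigin: { 'X-Frame-Options': 'SAMEORIGIN' },
  cspSelf:       { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" },
  cspPartner:    { 'Content-Security-Policy': "frame-ancestors 'self' https://*.partner.example" },
  cspOverrides:  { 'X-Frame-Options': 'SAMEORIGIN',
                   'Content-Security-Policy': "frame-ancestors 'none'" },
};

const TARGET = 'https://selfservice.example';
const ATTACKER = 'https://evil.example';

// Usage: report which constructed responses an attacker page could frame.
for (const [name, headers] of Object.entries(SAMPLE_HEADERS)) {
  console.log(name, isFramingAllowed(headers, ATTACKER, TARGET) ? 'FRAMEABLE' : 'blocked');
}
```

The check is deliberately conservative in one direction only: an obsolete `ALLOW-FROM` value or a response with neither header is reported as frameable, because that is how a current browser treats it. When testing a real deployment, run the check against the authenticated post-login pages, not just the landing page, since those are the ones whose buttons are worth hijacking.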

Symptoms


Cause
