CVE-2008-2138

by Fred · 12/05/2008

Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.

Date published : 2008-05-12

http://www.securityfocus.com/bid/29119

http://www.securityfocus.com/archive/1/491865/100/0/threaded

CVE-2008-2138

Similar

Recent Posts

Categories

CVE-2008-2138

Share this:

Similar

Recent Posts

Categories

Tags