Информационная безопасность
[RU] switch to English

Дополнительная информация

  Многочисленные ошибки в Oracle (multiple bugs)

  Oracle Applications/Portal 9i/10g Cross Site Scripting

  Modify Data via Inline Views

  Various Cross-Site-Scripting Vulnerabilities in Oracle Reports

  Cross-Site-Scripting Vulnerabilitiy in Oracle APEX NOTIFICATION_MSG

From:putosoft softputo <hasecorp_(at)_hotmail.com>
Date:20 декабря 2006 г.
Subject:Oracle Portal 10g HTTP Response Splitting

Oracle Portal/Applications HTTP Response Splitting



How an attack can be conducted?

Oracle Portal is commonly used with Oracle Web Cache, which caches the most
common used URLs.
Due to the related problem a malicious user can alter the content that the
server will catch. It can be
used in attack to rogue cookies, usernames and passwords, etc...

Patch Information

There is no patch at moment.


Edit yourself calendar.jsp file and fix it, in about 5 seconds. Otherwise,
wait for a long while an
official patch (between 6 months and 2 years).

Thanks to n0oN3

Acepta el reto MSN Premium: Correos mas divertidos con fotos y textos
increibles en MSN Premium. Descargalo y pruebalo 2 meses gratis.

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород