Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15449
HistoryDec 20, 2006 - 12:00 a.m.

Oracle Portal 10g HTTP Response Splitting

2006-12-2000:00:00
vulners.com
75
JSON

Oracle Portal/Applications HTTP Response Splitting

Sample:

http://<target>/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E

How an attack can be conducted?

Oracle Portal is commonly used with Oracle Web Cache, which caches the most
common used URLs.
Due to the related problem a malicious user can alter the content that the
server will catch. It can be
used in attack to rogue cookies, usernames and passwords, etc…

Patch Information

There is no patch at moment.

Workaround

Edit yourself calendar.jsp file and fix it, in about 5 seconds. Otherwise,
wait for a long while an
official patch (between 6 months and 2 years).

Thanks to n0oN3

Acepta el reto MSN Premium: Correos mas divertidos con fotos y textos
increibles en MSN Premium. Descargalo y pruebalo 2 meses gratis.
http://join.msn.com?XAPID=1697&amp;DI=1055&amp;HL=Footer_mailsenviados_correosmasdivertidos

JSON