Sample:
http://<target>/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
Oracle Portal is commonly used with Oracle Web Cache, which caches the most
common used URLs.
Due to the related problem a malicious user can alter the content that the
server will catch. It can be
used in attack to rogue cookies, usernames and passwords, etc…
There is no patch at moment.
Edit yourself calendar.jsp file and fix it, in about 5 seconds. Otherwise,
wait for a long while an
official patch (between 6 months and 2 years).
Thanks to n0oN3
Acepta el reto MSN Premium: Correos mas divertidos con fotos y textos
increibles en MSN Premium. Descargalo y pruebalo 2 meses gratis.
http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosmasdivertidos