Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:ORACLE:APP-SERVER-BYPASS |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Application Server Portal Authentication Bypass Vulnerability |
Release Date |
2012/11/22 |
Update Number |
2205 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Oracle Application Server Portal Authentication Bypass Vulnerability
This signature detects attempts to exploit a known authentication bypass vulnerability in Oracle Application Server Portal. A remote unauthenticated attacker could exploit this vulnerability by sending a special request to the server. Successful exploitation may allow the attacker to bypass authentication and allow access to sensitive data.
Extended Description
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
Affected Products
- Oracle application_server_portal 10g
References
- BugTraq: 29119
- CVE: CVE-2008-2138