Oracle Portal 10g HTTP Response Splitting

2006-12-20T00:00:00
ID SECURITYVULNS:DOC:15449
Type securityvulns
Reporter Securityvulns
Modified 2006-12-20T00:00:00

Description

Oracle Portal/Applications HTTP Response Splitting

Sample:

http://<target>/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E

How an attack can be conducted?

Oracle Portal is commonly used with Oracle Web Cache, which caches the most common used URLs. Due to the related problem a malicious user can alter the content that the server will catch. It can be used in attack to rogue cookies, usernames and passwords, etc...

Patch Information

There is no patch at moment.

Workaround

Edit yourself calendar.jsp file and fix it, in about 5 seconds. Otherwise, wait for a long while an official patch (between 6 months and 2 years).

Thanks to n0oN3


Acepta el reto MSN Premium: Correos mas divertidos con fotos y textos increibles en MSN Premium. Descargalo y pruebalo 2 meses gratis. http://join.msn.com?XAPID=1697&DI=1055&HL=Footer_mailsenviados_correosmasdivertidos