Date: Wed, 20 Dec 2006 14:19:02 +0000
From: "putosoft softputo" <>
Subject: Oracle Portal 10g HTTP Response Splitting

Oracle Portal/Applications HTTP Response Splitting



How can an attack be conducted?

Oracle Portal is commonly used with Oracle Web Cache, which caches the most
commonly used URLs.
Due to the related problem, a malicious user can alter the content that the
server will cache. It can be
used in an attack to rogue cookies, usernames and passwords, etc.

Patch Information

There is no patch at the moment.


Edit the calendar.jsp file yourself and fix it, in about 5 seconds. Otherwise,
wait a long while for an
official patch (between 6 months and 2 years).

Thanks to n0oN3
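
The post does not say what to change in calendar.jsp or which parameter is affected. A common fix for HTTP response splitting, shown here as an added example that is not part of the original post or Oracle's code, is to reject any request-derived value containing CR, LF or other control characters before it is written into a response header. The class name, the header name and the sample values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added example: guard for request-derived values that end up in response headers. */
public class HeaderValueGuard {

    /** True if the value contains CR, LF or any other ASCII control character. */
    static boolean hasControlChars(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the value unchanged if it is safe to place in a header,
     * otherwise throws. Rejecting (rather than stripping) means a mangled
     * value never produces a response that a front-end cache could store.
     */
    static String requireHeaderSafe(String name, String value) {
        if (value == null || hasControlChars(value)) {
            throw new IllegalArgumentException("illegal characters in value for " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        // Constructed inputs, as the application sees them after the
        // container has already percent-decoded the query string.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("plain date", "2006-12-20");
        samples.put("embedded CRLF", "2006-12-20\r\nX-Injected: 1");
        samples.put("bare LF", "2006-12-20\nX-Injected: 1");

        for (Map.Entry<String, String> e : samples.entrySet()) {
            try {
                // "Location" is an assumed header name, not taken from the post.
                requireHeaderSafe("Location", e.getValue());
                System.out.println(e.getKey() + ": accepted");
            } catch (IllegalArgumentException ex) {
                System.out.println(e.getKey() + ": rejected");
            }
        }
    }
}
```

The check runs on the decoded value because that is what the header-writing code receives; matching only the literal text `%0d%0a` in the raw URL would miss other encodings of the same bytes.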
