Oracle Portal Calendar.JSP Multiple HTTP Response Splitting Vulnerabilities
BID:21686
Info
Oracle Portal Calendar.JSP Multiple HTTP Response Splitting Vulnerabilities
| Bugtraq ID: | 21686 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 20 2006 12:00AM |
| Updated: | Dec 22 2006 12:04AM |
| Credit: | putosoft softputo and [email protected] are credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Oracle Portal 9.0.2 Oracle Portal 10g |
| Not Vulnerable: | |
Discussion
Oracle Portal Calendar.JSP Multiple HTTP Response Splitting Vulnerabilities
Oracle Portal is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.
A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Versions 10g and 9.0.2 are vulnerable; other versions may also be affected.
Oracle Portal is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input.
A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.
Versions 10g and 9.0.2 are vulnerable; other versions may also be affected.
Exploit / POC
Oracle Portal Calendar.JSP Multiple HTTP Response Splitting Vulnerabilities
An attacker can exploit these issues via a web client.
The following proof-of-concept URI is available:
http://www.example.com/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
An attacker can exploit these issues via a web client.
The following proof-of-concept URI is available:
http://www.example.com/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E
Solution / Fix
Oracle Portal Calendar.JSP Multiple HTTP Response Splitting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
Oracle Portal Calendar.JSP Multiple HTTP Response Splitting Vulnerabilities
References:
References:
- Oracle Homepage (Oracle)
- Oracle Portal 10g HTTP Response Splitting (putosoft softputo)
- Re: Oracle Portal 10g HTTP Response Splitting ([email protected] )