CVE-2008-2138 – Oracle Application Server Portal 10g - Authentication Bypass
https://notcve.org/view.php?id=CVE-2008-2138
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report. Oracle Application Server (OracleAS) Portal 10g permite a atacantes remotos evitar las restricciones de acceso previstas y leer los contenidos de /dav_portal/portal/ mediante una petición que contiene un rastro "%0A" (avance de línea codificado) y utilizando a continuación el ID de sesión que se genera de esa petición. NOTA: a fecha del 12-05-2008, Oracle no ha comentado la exactitud de este repote • https://www.exploit-db.com/exploits/31770 http://secunia.com/advisories/30140 http://securityreason.com/securityalert/3867 http://www.securityfocus.com/archive/1/491865/100/0/threaded http://www.securityfocus.com/bid/29119 http://www.securitytracker.com/id?1020034 https://exchange.xforce.ibmcloud.com/vulnerabilities/42302 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-6697 – Oracle Portal 9.0.2 - Calendar.jsp Multiple HTTP Response Splitting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6697
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. Vulnerabilidad de inyección de CRLF en webapp/jsp/calendar.jsp en Oracle Portal 10g y anteriores, incluyendo 9.0.2, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de fragmentación de respuestas HTTP mediante secuencias CRLF en el parámetro enc, posiblemente involucrando codificación iso-8859-1. • https://www.exploit-db.com/exploits/29301 http://marc.info/?l=full-disclosure&m=116664018702238&w=2 http://marc.info/?l=full-disclosure&m=116666155824901&w=2 http://secunia.com/advisories/23461 http://securityreason.com/securityalert/2057 http://www.securityfocus.com/archive/1/454945/100/0/threaded http://www.securityfocus.com/archive/1/454965/100/0/threaded http://www.securityfocus.com/archive/1/455106/100/0/threaded http://www.securityfocus.com/bid/21686 http:// •