Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-4550
Last Modified: 07 Mar 2011 09:28:28
Published: 28 Dec 2005 06:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4550

Summary

The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).

Vulnerable Systems

Application

  • Oracle Application Server Discussion Forum Portlet


References

VUPEN - ADV-2005-3085

BID - 16048

FULLDISC - 20051223 SEC Consult SA-20051223-1 :: File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet

XF - oracle-forum-portlet-obtain-information(23813)

SECTRACK - 1015406

SREASON - 297


Last Updated: 27 May 2016 10:41:20