Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-2138
Last Modified: 26 Feb 2009 01:52:58
Published: 12 May 2008 12:20:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-2138

Summary

Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.

Vulnerable Systems

Application

  • Oracle Application Server Portal 10g


References

XF - oracle-aps-cookie-auth-bypass(42302)

BID - 29119

BUGTRAQ - 20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability

SREASON - 3867

SECUNIA - 30140

SECTRACK - 1020034


Last Updated: 27 May 2016 10:47:46