Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.0
CVE Id: CVE-2008-2138
Last Modified: 26 Feb 2009 01:52:58
Published: 12 May 2008 12:20:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.

Vulnerable Systems


  • Oracle Application Server Portal 10g


XF - oracle-aps-cookie-auth-bypass(42302)

BID - 29119

BUGTRAQ - 20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability

SREASON - 3867

SECUNIA - 30140

SECTRACK - 1020034

Last Updated: 27 May 2016 10:47:46