header-logo
Suggest Exploit
vendor:
Portal
by:
SecurityFocus
7.5
CVSS
HIGH
HTTP Response-Splitting
113
CWE
Product Name: Portal
Affected Version From: 10g
Affected Version To: 9.0.2
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Oracle Portal Multiple HTTP Response-Splitting Vulnerabilities

Oracle Portal is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/21686/info

Oracle Portal is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. 

A remote attacker may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

Versions 10g and 9.0.2 are vulnerable; other versions may also be affected.

http://www.example.com/webapp/jsp/calendar.jsp?enc=iso-8859-1%0d%0aContent-length=12%0d%0a%0d%0a%3Cscript%3Ealert('hi')%3C/script%3E

Navigation

Suggest Exploit

Services By CQR