CVE

Id
32255  
CVE No.
CVE-2008-2138  
Status
Candidate  
Description
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.  
Phase
Assigned (20080512)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
348405 32255 CVE-2008-2138 BUGTRAQ:20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability  View
348406 32255 CVE-2008-2138 URL:http://www.securityfocus.com/archive/1/archive/1/491865/100/0/threaded  View
348407 32255 CVE-2008-2138 BID:29119  View
348408 32255 CVE-2008-2138 URL:http://www.securityfocus.com/bid/29119  View
348409 32255 CVE-2008-2138 SECTRACK:1020034  View
348410 32255 CVE-2008-2138 URL:http://www.securitytracker.com/id?1020034  View
348411 32255 CVE-2008-2138 SECUNIA:30140  View
348412 32255 CVE-2008-2138 URL:http://secunia.com/advisories/30140  View
348413 32255 CVE-2008-2138 SREASON:3867  View
348414 32255 CVE-2008-2138 URL:http://securityreason.com/securityalert/3867  View
348415 32255 CVE-2008-2138 XF:oracle-aps-cookie-auth-bypass(42302)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
47116 JVNDB-2008-002426 Emacs および XEmacs における .flc ファイルの処理に関する任意のコードを実行される脆弱性 Emacs および XEmacs には、.flc ファイルの処理に不備があるため、任意のコードを実行される脆弱性が存在します。 CVE-2008-2142 32255 6.8 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002426.html  View