File Disclosure Vulnerability in Oracle Application Server Discussion Forum Portlet
CVE-2005-4550

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 28 December 2005

What is CVE-2005-4550?

A file disclosure vulnerability exists in the PORTAL schema of the Oracle Application Server Discussion Forum Portlet. Remote attackers can exploit this flaw by appending a trailing null byte (%00) to the 'df_next_page' parameter of a request. This gives unauthorized access to the source code of JSP files and potentially sensitive information, posing a significant risk to the integrity of the server and user data.
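For defenders reviewing web server logs, the following added example (not part of the original advisory and not Oracle code) flags requests whose 'df_next_page' value carries a null byte, including multiply percent-encoded forms. The log format, the request path and the sample lines are constructed assumptions; only the parameter name and the %00 indicator come from the description above.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "df_next_page"  # parameter named in the CVE description
# Request field of a common-log-format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def null_byte_in_param(target, param=PARAM, max_decode=3):
    """True if `param` in the request target contains a NUL byte,
    also when it is hidden behind extra encoding layers (%2500)."""
    query = urlsplit(target).query
    # parse_qsl already removes one layer of percent-encoding.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() != param:
            continue
        for _ in range(max_decode + 1):
            if "\x00" in value:
                return True
            decoded = unquote(value)
            if decoded == value:  # nothing left to decode
                break
            value = decoded
    return False


def scan(lines):
    """Return 1-based numbers of log lines that match the indicator."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and null_byte_in_param(match.group(1)):
            hits.append(number)
    return hits


# Constructed sample lines; path and page value are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /placeholder/forum?df_next_page=list.jsp HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2006:10:00:05 +0000] "GET /placeholder/forum?df_next_page=list.jsp%00 HTTP/1.1" 200 4096',
    '192.0.2.11 - - [01/Jan/2006:10:00:09 +0000] "GET /placeholder/forum?a=1&df_next_page=list.jsp%2500 HTTP/1.1" 200 4096',
    '192.0.2.12 - - [01/Jan/2006:10:00:12 +0000] "GET /placeholder/forum?other=a%00b HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print("suspicious lines:", scan(SAMPLE_LOG))
```

Access logs record only the query string, so a value sent in a POST body needs the same check applied at a proxy or application filter.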

EPSS Score

53% chance of being exploited in the next 30 days.
