Access Restriction Bypass in Oracle Application Server Portal 10g
CVE-2008-2138

Currently unrated

Key Information:

Vendor: Oracle

CVE Published: 12 May 2008

What is CVE-2008-2138?

Oracle Application Server Portal 10g is vulnerable to an access restriction bypass that allows remote attackers to read unauthorized content located in the /dav_portal/portal/ directory. This occurs when an attacker sends a specially crafted request with a trailing '%0A' (an encoded line feed); the request can generate a session ID that may then be improperly used to gain access to sensitive information. This vulnerability could pose significant risks to data integrity and confidentiality, necessitating immediate attention from organizations using this server.
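One way to check web access logs for the request pattern described above. This is an added example, not code from Oracle or from this advisory; it assumes Combined Log Format, and the function names, sample lines and addresses are constructed for illustration.

```python
import re

# Combined Log Format is an assumption; adapt the pattern to your front end.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
PROTECTED_PREFIX = "/dav_portal/portal/"  # directory named in the CVE text


def is_trailing_lf_request(target):
    """True if the raw path is under the protected prefix and ends in %0A."""
    path = target.split("?", 1)[0].lower()
    return path.startswith(PROTECTED_PREFIX) and path.endswith("%0a")


def scan(lines):
    """Return (flagged, follow_ups) from an iterable of access-log lines.

    flagged:    requests whose path ends in an encoded line feed.
    follow_ups: later 2xx requests to the protected prefix from a client that
                already sent a flagged request (possible reuse of the session
                ID generated by that request).
    """
    flagged, follow_ups, seen_clients = [], [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        entry = m.groupdict()
        if is_trailing_lf_request(entry["target"]):
            flagged.append(entry)
            seen_clients.add(entry["ip"])
        elif (entry["ip"] in seen_clients
              and entry["target"].lower().startswith(PROTECTED_PREFIX)
              and entry["status"].startswith("2")):
            follow_ups.append(entry)
    return flagged, follow_ups


# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [12/May/2008:10:00:01 +0000] "GET /dav_portal/portal/%0A HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/May/2008:10:00:05 +0000] "GET /dav_portal/portal/ HTTP/1.1" 200 2048',
    '203.0.113.9 - - [12/May/2008:10:01:00 +0000] "GET /dav_portal/portal/ HTTP/1.1" 401 128',
    '203.0.113.9 - - [12/May/2008:10:02:00 +0000] "GET /portal/page%0a HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    hits, reuse = scan(SAMPLE)
    for e in hits + reuse:
        print(e["ip"], e["ts"], e["target"], e["status"])
```

A flagged request followed by successful requests to the same directory from the same client is the pairing worth triaging first.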

EPSS Score

48% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
