Network Security: Detailed info on Re: Oracle Portal 10g HTTP Response Splitting

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

Subject:	Re: Oracle Portal 10g HTTP Response Splitting
Date:	21 Dec 2006 21:18:53 -0000

Subject:

Re: Oracle Portal 10g HTTP Response Splitting

Date:

21 Dec 2006 21:18:53 -0000

This also occurs in Portal 9.0.2 in the file calendar.jsp, calendarDialog.jsp, and fred.jsp, all of which are under the $ORACLE_HOME/j2ee directory in various locations. The offending code is String enc = request.getParameter("enc"); if ((enc == null) || "".equals(enc)) response.setContentType("text/html"); else response.setContentType("text/html;charset=" + enc); which can be commented out as follows: // String enc = request.getParameter("enc"); // if ((enc == null) || "".equals(enc)) response.setContentType("text/html"); // else // response.setContentType("text/html;charset=" + enc);

<Prev in Thread]	Current Thread	[Next in Thread>
Oracle Portal 10g HTTP Response Splitting, putosoft softputo Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, Brian Eaton Re: Oracle Portal 10g HTTP Response Splitting, majororacle <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Pukhraj Singh
Next by Date:	Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio
Previous by Thread:	Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, Brian Eaton
Next by Thread:	Mono XSP ASP.NET Server sourcecode disclosure vulnerability, jose . palanco
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Pukhraj Singh

Next by Date:

Re: critical Flaw in Firefox 2.0.0.1 allows to steal the user passwords with a videoclip, Juha-Matti Laurio

Previous by Thread:

Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, Brian Eaton

Next by Thread:

Mono XSP ASP.NET Server sourcecode disclosure vulnerability, jose . palanco

Indexes:

[Date] [Thread] [Top] [All Lists]