CVE-2008-2138

Name of the Vulnerable Software and Affected Versions Oracle Application Server (OracleAS) Portal 10g

Description The issue allows remote attackers to bypass intended access restrictions and read the contents of /dav portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request.

Recommendations For Oracle Application Server (OracleAS) Portal 10g, as a temporary workaround, consider restricting access to the /dav portal/portal/ endpoint until a patch is available. Avoid using the session ID generated from requests containing a trailing "%0A" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.