PT-2018-13795 · Oracle · Oracle Webcenter Interaction Portal

Ben N · Published 2018-09-18 · Updated 2018-12-06 · CVE-2018-16956

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Oracle WebCenter Interaction Portal version 10.3.3

Description
The issue concerns the AjaxControl component, which fails to validate page names during rename requests. This allows pages to be renamed with characters unsupported by the web server, such as 0x7f, leading to a Denial of Service (DoS) because these pages become inaccessible over the web server.

Recommendations
For Oracle WebCenter Interaction Portal version 10.3.3, consider restricting the ability to rename pages to authorized personnel and implementing validation to prevent the use of unsupported characters in page names. As a temporary workaround, monitor page rename requests to prevent the inclusion of unsupported characters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
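
One way to implement the validation and monitoring recommended above, as an added example that is not Oracle's code or part of the original advisory. It generalizes from 0x7f to all control and non-printable code points and also checks percent-encoded forms; the function names and the `(user, page name)` event shape are assumptions, since the advisory does not describe the AjaxControl request format.

```python
import unicodedata
from urllib.parse import unquote

# General categories never allowed in a page name: Cc covers the C0 controls,
# DEL (0x7f) and the C1 controls; the rest are format, surrogate, private-use
# and unassigned code points.
FORBIDDEN_CATEGORIES = {"Cc", "Cf", "Cs", "Co", "Cn"}


def validate_page_name(raw):
    """Return (ok, reason) for a page name taken from a rename request."""
    name = raw
    # Decode percent-escapes until the value is stable (bounded), so that
    # "%7f" and the double-encoded "%257f" are checked as the byte 0x7f.
    for _ in range(3):
        try:
            decoded = unquote(name, errors="strict")
        except UnicodeDecodeError:
            return False, "percent-escapes are not valid UTF-8"
        if decoded == name:
            break
        name = decoded
    else:
        return False, "too many layers of percent-encoding"
    if not name.strip():
        return False, "empty name"
    bad = sorted({f"U+{ord(c):04X}" for c in name
                  if unicodedata.category(c) in FORBIDDEN_CATEGORIES})
    if bad:
        return False, "forbidden code points: " + ", ".join(bad)
    return True, "ok"


def flag_renames(events):
    """Return the (user, name, reason) triples that fail validation."""
    checked = ((u, n, validate_page_name(n)) for u, n in events)
    return [(u, n, reason) for u, n, (ok, reason) in checked if not ok]


# Constructed sample events: (user, requested page name).
SAMPLE_EVENTS = [
    ("alice", "Quarterly Report"),
    ("bob", "Report\x7f"),
    ("carol", "Status%257f"),
    ("dave", "Café menu"),
]
```

Rejecting the rename server-side is the control; `flag_renames` is the monitoring fallback for deployments where the check cannot yet be enforced.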

RCE

Related Identifiers

CVE-2018-16956

Affected Products

Oracle Webcenter Interaction Portal