Vulnerability in N/a
CVE-2005-4550
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).
EPSS: 0.514 (97.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 20051223 SEC Consult SA-20051223-1 :: File Disclosure using df_next_page parameter in OracleAS Discussion Forum Portlet (mailing-list, x_refsource_FULLDISC)
- oracle-forum-portlet-obtain-information(23813) (vdb-entry, x_refsource_XF)
- ADV-2005-3085 (vdb-entry, x_refsource_VUPEN)
- 1015406 (vdb-entry, x_refsource_SECTRACK)
- 16048 (vdb-entry, x_refsource_BID)
- 297 (x_refsource_SREASON, third-party-advisory)