| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: Oracle Portal 10g HTTP Response Splitting |
| From: | majororacle@gmail.com |
| Date: | 21 Dec 2006 21:18:53 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
This also occurs in Portal 9.0.2 in the file calendar.jsp, calendarDialog.jsp,
and fred.jsp, all of which are under the $ORACLE_HOME/j2ee directory in various
locations. The offending code is
String enc = request.getParameter("enc");
if ((enc == null) || "".equals(enc))
response.setContentType("text/html");
else
response.setContentType("text/html;charset=" + enc);
which can be commented out as follows:
// String enc = request.getParameter("enc");
// if ((enc == null) || "".equals(enc))
response.setContentType("text/html");
// else
// response.setContentType("text/html;charset=" + enc);
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day, Pukhraj Singh |
|---|---|
| Next by Date: | RE: Enforcing Java Security Manager in Restricted Windows Environments?, Jan P. Monsch |
| Previous by Thread: | Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting, Brian Eaton |
| Next by Thread: | NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory, security |
| Indexes: | [Date] [Thread] [Top] [All Lists] |