CVE-2005-4550
published 2005-12-28
Priority P4 · 29 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 6.09% (92.5th percentile)
The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).
Detection & IOCs (extracted from sources)
url: http://www.example.com/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&df_next_page=htdocs/forums.jsp&RowKeyValue=alert(document.cookie)
url: http://www.example.com/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&df_next_page=htdocs/search.jsp%00
- Detect source code disclosure attempts by monitoring HTTP requests to /portal/page where the df_next_page parameter contains a trailing null byte (%00), indicating an attempt to bypass file extension filtering and retrieve raw JSP/file source.
- Monitor requests to OracleAS portal endpoints for the _schema=PORTAL and _dad=portal query parameters combined with a df_next_page value ending in %00, which is the specific attack pattern for this CVE.
- Detect XSS attempts against the Discussion Forum Portlet by alerting on requests to /portal/page where the RowKeyValue parameter contains JavaScript payloads such as alert(document.cookie).
- The PORTAL schema in OracleAS Discussion Forum Portlet is the targeted component; restrict or alert on external access to portal pages exposing the df_next_page parameter.
- Oracle Application Server Discussion Forum Portlet is not intended for production use; deployments in production environments are inherently misconfigured and should be removed.
- All versions of Oracle Application Server Discussion Forum Portlet are considered vulnerable to these issues; there is no safe version to deploy.
- http://marc.info/?l=full-disclosure&m=113532633229270&w=2
- http://securityreason.com/securityalert/297
- http://securitytracker.com/id?1015406
- http://www.securityfocus.com/bid/16048
- http://www.vupen.com/english/advisories/2005/3085
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23813