Detections
Analytics

Oracle Application Server Portal 10g Authentication Bypass

medium Nessus Plugin ID 32479

Language:

Synopsis

The remote web server is affected by an authentication bypass vulnerability.

Description

The remote host is running Oracle Application Server.

By sending a specially crafted GET request to the version of Oracle Application Server installed on the remote host, an unauthenticated attacker can access potentially sensitive files listed under the directory '/dav_portal/portal'.

Solution

Unknown at this time.

See Also

https://www.securityfocus.com/archive/1/491865

Plugin Details

Severity: Medium

ID: 32479

File Name: oracle10gAS_auth_bypass.nasl

Version: 1.17

Type: remote

Family: Databases

Published: 5/29/2008

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:oracle:application_server_portal

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Reference Information

CVE: CVE-2008-2138

BID: 29119

CWE: 264