Vulnerabilities > Oracle > Application Server Portal > 10g

Date: 2008-05-12
CVE: CVE-2008-2138
Vulnerability title: Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server Portal 10G
Description: Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request.
Access: network, low complexity
Vendor / CWE: oracle, CWE-264
Risk: 5.0

Date: 2006-12-22
CVE: CVE-2006-6697
Vulnerability title: HTTP Response Splitting vulnerability in Oracle Application Server Portal 10G/9.0.2
Description: CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Access: network, low complexity
Vendor / CWE: oracle
Risk: 7.5