Re: Oracle Portal 10g HTTP Response Splitting

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Oracle Portal 10g HTTP Response Splitting
From: majororacle@xxxxxxxxx
Date: 21 Dec 2006 21:18:53 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This also occurs in Portal 9.0.2 in the file calendar.jsp, calendarDialog.jsp, 
and fred.jsp, all of which are under the $ORACLE_HOME/j2ee directory in various 
locations.  The offending code is 
  String enc = request.getParameter("enc");
  if ((enc == null) || "".equals(enc))
    response.setContentType("text/html");
  else
   response.setContentType("text/html;charset=" + enc);

which can be commented out as follows:

//  String enc = request.getParameter("enc");
//  if ((enc == null) || "".equals(enc))
    response.setContentType("text/html");
//  else
//    response.setContentType("text/html;charset=" + enc);

Prev by Date: Re: [Full-disclosure] Microsoft Windows XP/2003/Vista memory corruption 0day
Next by Date: RE: Enforcing Java Security Manager in Restricted Windows Environments?
Previous by thread: Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
Next by thread: NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory
Index(es):
- Date
- Thread