Oracle Application Server Portal Authentication Bypass Vulnerability

info
discussion
exploit
solution
references

Oracle Application Server Portal Authentication Bypass Vulnerability

Attackers can use a browser to exploit this issue.

The following proof of concept is available:

Visiting the 'http://www.example.com/portal/%0A' site will create a cookie sufficient to trigger the issue and access 'http://www.example.com/dav_portal/porta/' without authorization.