Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking



#1 TheSentinel


Posted 12 July 2017 - 07:36 PM

Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking

by Chris Brook, July 12, 2017, 8:18 am

Oracle’s next quarterly Critical Patch Update is slated for July 18, but two vulnerabilities in an older version of the company’s Oracle Access Manager (OAM) solution won’t be among the bugs patched.
Version 10g of the software, Oracle’s solution for web access management and user administration, suffers from two issues: an open redirect vulnerability, and the fact that it sends cookie values in GET requests.

Get the whole story here:
https://threatpost.c...jacking/126775/