The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).
Software | From | Fixed in |
---|---|---|
oracle / application_server_discussion_forum_portlet | - | - |