Oracle 10g Express Edition Cookie’s issue

April 20, 2008 Advisories, Research | sid @ 10:08 am

Oracle 10g Express Edition does not invalidate the cookie www_flow_user2 on server when the user logs off.

Tested in version:- Oracle 10g Express edition 10.2.0.1.0, other versions may also be vulnerable.

Patch:- Oracle CPU April 2008

No Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment