Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The ASP.NET_SessionID primary session cookie, when Internet Information Services (IIS) with ASP.NET is used, is not protected with the HttpOnly attribute. The attribute cannot be enabled by customers. Consequently, this cookie is exposed to session hijacking attacks should an adversary be able to execute JavaScript in the origin of the portal installation. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle WebCenter Interaction Portal 安全漏洞
Vulnerability Description
Oracle WebCenter Interaction是美国甲骨文(Oracle)公司的一套用于创建企业门户、协作社区、组合应用程序和社交应用程序的套件。Oracle WebCenter Interaction Portal是其中的一个管理界面。 Oracle WebCenter Interaction Portal 10.3.3版本中存在安全漏洞。攻击者可利用该漏洞实施会话劫持攻击。
CVSS Information
N/A
Vulnerability Type
N/A