Java Development Tools

exploiting the parameter user-agent in ADF application

Mohammed Abdel Aziz, Mar 19 2013 (edited Mar 20 2013)

Hi all,
I'm using JDeveloper 11g, and when information security tested my app they gave me a report with Security Risk MED.
I tried to solve all the problems, but one still remains.
I don't know how to solve it, and they insist on preventing deployment unless this issue is resolved.

150022 Syntax Error Occurred
Category: Information Disclosure

Threat
A test payload generated a syntax error within the Web application. This often points to a problem with input validation routines or lack of filters on user-supplied content.

Impact
A malicious user may be able to create a denial of service, serious error, or exploit depending on the error encountered by the Web application

Detection Information
Parameter: It has been detected by exploiting the parameter user-agent
The payloads section will display a list of tests that show how the param could have been exploited to collect the information

#1 User-Agent: Mozilla/*
#2 Cookie: JSESSIONID=6vYgRG1GGNyQxszysL4nnyg53SH48BMBkQvvnPhNKTCNvTy2gyKD!569345819

please heeeeeeeeeeeeeeeelp
Post Details
Locked on Apr 17 2013
Added on Mar 19 2013
10 comments
838 views
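
Added example, not part of the original post and not Oracle or ADF code: one way to keep a malformed User-Agent such as the scanner's `Mozilla/*` test value from reaching framework code is a servlet filter that validates the header first. The class name, allow-list pattern and fallback value are assumptions, and the post does not establish which component raised the syntax error.

```java
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

// Hypothetical filter (illustration only): hands the application a fixed,
// well-formed User-Agent whenever the client-supplied one fails validation.
public class UserAgentSanitizingFilter implements Filter {
    // Assumption: allow product/version tokens and parenthesised comments,
    // at most 512 characters. "Mozilla/*" fails because '*' is not listed.
    private static final Pattern SAFE_UA =
            Pattern.compile("[A-Za-z0-9 .,;:/()_+\\-]{1,512}");
    // Constructed fallback value; also used when the header is absent.
    private static final String FALLBACK_UA = "Mozilla/5.0 (unknown)";

    static String sanitize(String ua) {
        return (ua != null && SAFE_UA.matcher(ua).matches()) ? ua : FALLBACK_UA;
    }

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }
        // Wrap the request so every later reader sees only the validated value.
        chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
            @Override public String getHeader(String name) {
                String value = super.getHeader(name);
                return "User-Agent".equalsIgnoreCase(name) ? sanitize(value) : value;
            }
            @Override public Enumeration<String> getHeaders(String name) {
                if (!"User-Agent".equalsIgnoreCase(name)) {
                    return super.getHeaders(name);
                }
                String clean = sanitize(super.getHeader(name));
                return Collections.enumeration(Collections.singletonList(clean));
            }
        }, res);
    }
}
```

The filter only takes effect for components that run after it, so its `<filter-mapping>` in `web.xml` has to precede the mappings of the filters and servlets that read the header. Clients with unusual but legitimate User-Agent strings get the fallback value, which affects only features that depend on agent detection.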