Vulnerability in Portal and Single Sign-On Server

Creation Date: 29-OCT-2002
Last Revision Date: 29-OCT-2002

Description

A potential security vulnerability exists when logging out of Portal and Single Sign-On Server: the browser history links permit a user to resume a session without reauthenticating.

Products affected

Portal 3.0.6, 3.0.7, 3.0.8, 3.0.9

Platforms affected

All

Workarounds

The recommended workaround is to completely exit the browser and all related applications after logging out of the Portal and Login Server. Once the patch below is applied, this workaround is no longer necessary.

Patch Information

Oracle has fixed the potential vulnerability identified above in patch/bug fix numbers 2248687, 2248685, 2248683, and 2248680 for Portal releases 3.0.6, 3.0.7, 3.0.8, and 3.0.9 respectively.

Download currently available patches for your platform from the Oracle Support Services web site, MetaLink, at http://metalink.oracle.com. Activate the "Patches" button to get to the patches Web page. Enter the patch/bug fix number(s) indicated above and activate the "Submit" button.

Oracle strongly recommends that you comprehensively test the stability of your system upon application of any patch prior to deleting any of the original file(s) that are replaced by the patch.