March 11, 2010
Oracle has provided a fix for an interesting session fixation attack I have discovered in the Oracle WebLogic web server. It's a very simple attack and I initially thought it was possible to mitigate it by changing the WebLogic servlet session configuration. However, it turned out to be a bug ;-).
For more details: Oracle WebLogic - Session Fixation Via HTTP POST Request

Watch this space: I will publish some new articles in the next few days. In the meantime, enjoy my new caricature at the top. Thanks Vivien!
