"Researchers Remotely Hijack Oracle OAM 10g Sessions"

Security researchers, Nabeel Ahmed and Tom Gilis, have discovered issues within Oracle Access Manager (OAM) 10g that could allow attackers to remotely hijack sessions. As revealed by the researchers, these issues include the redirection of users after the submission of credentials and transmission of cookie values through GET requests. This article further discusses these vulnerabilities and other discoveries made by researchers. 

Security Week reports "Researchers Remotely Hijack Oracle OAM 10g Sessions"