TL;DR

This weakness allows us to bypass the URL filtering on the RH parameter, which could be used to hijack the session of any user who follows a specially crafted link. In summary, phishing heaven!

Intro

Oracle Authentication Manager (OAM) 10g or OAM 11g with Webgates 10g parse SSO