CVE-2006-6697

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server Portal
Vendor: CVE Published:; 22 December 2006

Summary

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

References

http://securityreason.com/securityalert/2057

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/454965/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://marc.info/?l=full-disclosure&m=116664018702238&w=2

mailing-listx_refsource_FULLDISC

EPSS Score

34% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 22, 2006
Vulnerability Reserved
Dec 21, 2006