CRLF Injection Vulnerabilities in Oracle Portal by Oracle
CVE-2006-6699

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server Portal
Vendor: CVE Published:; 23 December 2006

What is CVE-2006-6699?

Multiple CRLF injection vulnerabilities exist in Oracle Portal that allow remote attackers to inject arbitrary HTTP headers, leading to potential HTTP response splitting attacks. The vulnerabilities can be exploited via CRLF sequences found in the 'enc' parameter, specifically affecting components like 'calendarDialog.jsp' and 'fred.jsp'. Successful exploitation may enable attackers to manipulate how HTTP responses are handled, posing significant risks to web application integrity and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/455106/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 23, 2006
Vulnerability Reserved
Dec 22, 2006

JSON

Oracle

What is CVE-2006-6699?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.