CRLF Injection Vulnerabilities in Oracle Portal by Oracle
CVE-2006-6699
Currently unrated
What is CVE-2006-6699?
Multiple CRLF injection vulnerabilities in Oracle Portal allow remote attackers to inject arbitrary HTTP headers, which can lead to HTTP response splitting attacks. The vulnerabilities are exploited via CRLF sequences in the 'enc' parameter and affect components such as 'calendarDialog.jsp' and 'fred.jsp'. Successful exploitation may let attackers manipulate how HTTP responses are handled, posing significant risks to web application integrity and user data.
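A log-review check for the pattern described above, as an added example that is not part of the original advisory or any Oracle code: it flags access-log lines where the 'enc' parameter of a request to either named page decodes to a CR or LF, including double-encoded forms. The log format, URL paths and sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Page names and the parameter name come from the CVE description above.
TARGET_PAGES = ("/calendardialog.jsp", "/fred.jsp")
PARAM = "enc"
# Assumption: Common Log Format style request field, e.g. "GET /x?y=z HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded CR/LF (%250d%250a) is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_crlf(value):
    decoded = fully_decode(value)
    return "\r" in decoded or "\n" in decoded

def suspicious_requests(log_lines):
    """Return log lines whose 'enc' parameter on a target page carries CR or LF."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith(TARGET_PAGES):
            continue
        # parse_qsl already percent-decodes each value once.
        params = parse_qsl(url.query, keep_blank_values=True)
        if any(k.lower() == PARAM and has_crlf(v) for k, v in params):
            hits.append(line)
    return hits

# Constructed sample lines (paths, addresses and timestamps are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /constructed/calendarDialog.jsp?enc=UTF-8 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2007:10:00:05 +0000] "GET /constructed/calendarDialog.jsp?enc=UTF-8%0d%0aconstructed HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2007:10:00:09 +0000] "GET /constructed/fred.jsp?enc=UTF-8%250D%250Aconstructed HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2007:10:00:12 +0000] "GET /constructed/other.jsp?q=a%0d%0ab HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print("CR/LF in enc:", hit)
```

The fourth sample line is deliberately out of scope: the check is limited to the parameter and pages the description names, so widen `TARGET_PAGES` and `PARAM` if broader coverage is wanted.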