CVE-2006-6699

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Server Portal
Vendor: CVE Published:; 23 December 2006

Summary

Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.

References

http://www.securityfocus.com/archive/1/455106/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Dec 23, 2006
Vulnerability Reserved
Dec 22, 2006