CVE-2006-6697

Loading...

General

Score:7.5/10.0
Severity:High
Category:N/A
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 22/12/06 - Updated on 18/10/16

Description

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

Category:

There is insufficient information about the issue to classify it; details are unknown or unspecified.

Security Notices

US National Vulnerability DatabaseCVE-2006-6697

Exploits

Exploit-DBEDB-29301
SecurityFocusBID-21686

Relative technologies

VendorProduct
oracleapplication_server_portal

Share this vulnerability with:

Twitter Facebook LinkedIn Mail