CVE-2006-6697: CRLF Injection
First published: Fri Dec 22 2006(Updated: )
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Application Server Portal | =10g | |
| Oracle Application Server Portal | =9.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/21686
- http://secunia.com/advisories/23461
- http://securityreason.com/securityalert/2057
- http://www.vupen.com/english/advisories/2006/5124
- http://marc.info/?l=full-disclosure&m=116666155824901&w=2
- http://marc.info/?l=full-disclosure&m=116664018702238&w=2
- http://www.securityfocus.com/archive/1/455106/100/0/threaded
- http://www.securityfocus.com/archive/1/454965/100/0/threaded
- http://www.securityfocus.com/archive/1/454945/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/oracle
- canonical/oracle application server portal
- version/oracle application server portal/10g
- version/oracle application server portal/9.0.2