ID CVE-2006-6697
Summary CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:application_server_portal:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_server_portal:10g:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 21686
bugtraq
  • 20061220 Oracle Portal 10g HTTP Response Splitting
  • 20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
  • 20061221 Re: Oracle Portal 10g HTTP Response Splitting
fulldisc
  • 20061220 Oracle Portal 10g HTTP Response Splitting
  • 20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting
secunia 23461
sreason 2057
vupen ADV-2006-5124
Last major update 17-10-2018 - 21:49
Published 22-12-2006 - 02:28
Last modified 17-10-2018 - 21:49