PT-2006-7298 · Oracle · Oracle Portal

Brian

Published

2006-12-22

Updated

2018-10-17

CVE-2006-6697

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Oracle Portal versions prior to 10g

Description: The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter in the /webapp/jsp/calendar.jsp endpoint.

Recommendations: For Oracle Portal versions prior to 10g, update to a version that is not affected by this issue to prevent HTTP response splitting attacks.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6697

Affected Products

Oracle Portal

PT-2006-7298 · Oracle · Oracle Portal

CVE-2006-6697

Related Identifiers

Affected Products

References · 11