CVE-2006-6699

Published: Dec 23, 2006Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.

Affected (1)

Products: Oracle: Application Server Portal

Oracle

1 product

Application Server Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Application Server Portal	Version 9.0.2

References (2)

http://www.securityfocus.com/archive/1/455106/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455106/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.