Vulnerability Description
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Application Server Portal | 9.0.2 |
References
- http://www.securityfocus.com/archive/1/455106/100/0/threaded
FAQ
What is CVE-2006-6699?
CVE-2006-6699 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF ...
How severe is CVE-2006-6699?
CVE-2006-6699 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-6699?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Application Server Portal.