CVE-2006-6697 Information

Description

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

Reference

http://marc.info/?l=full-disclosure&m=116664018702238&w=2
http://marc.info/?l=full-disclosure&m=116666155824901&w=2
http://secunia.com/advisories/23461
http://securityreason.com/securityalert/2057
http://www.securityfocus.com/archive/1/454945/100/0/threaded
http://www.securityfocus.com/archive/1/454965/100/0/threaded
http://www.securityfocus.com/archive/1/455106/100/0/threaded
http://www.securityfocus.com/bid/21686
http://www.vupen.com/english/advisories/2006/5124
