CVE-2006-6697

2006-12-21T21:28:00
ID CVE-2006-6697
Type cve
Reporter NVD
Modified 2016-10-17T23:42:27

Description

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.