Lucene search

[email protected]CVE-2006-6697

HistoryDec 22, 2006 - 2:28 a.m.

CVE-2006-6697

2006-12-2202:28:00

[email protected]

web.nvd.nist.gov

cve-2006-6697

crlf injection

oracle portal 10g

http response splitting

security vulnerability

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

Affected configurations

NVD

Node

oracleapplication_server_portalMatch9.0.2

oracleapplication_server_portalMatch10g

CPENameOperatorVersion
oracle:application_server_portaloracle application server portaleq9.0.2
oracle:application_server_portaloracle application server portaleq10g

CPE	Name	Operator	Version
oracle:application_server_portal	oracle application server portal	eq	9.0.2
oracle:application_server_portal	oracle application server portal	eq	10g

References

marc.info/?l=full-disclosure&m=116664018702238&w=2

marc.info/?l=full-disclosure&m=116666155824901&w=2

secunia.com/advisories/23461

securityreason.com/securityalert/2057

www.securityfocus.com/archive/1/454945/100/0/threaded

www.securityfocus.com/archive/1/454965/100/0/threaded

www.securityfocus.com/archive/1/455106/100/0/threaded

www.securityfocus.com/bid/21686

www.vupen.com/english/advisories/2006/5124

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2006-6697

nvd2 cvelist2 cve1