CVE-2006-6697

2006-12-22T02:28:00
ID CVE-2006-6697
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:49:00

Description

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.