Lucene search
MitreCVE-2006-6699HistoryDec 23, 2006 - 1:28 a.m.
CVE-2006-6699
2006-12-2301:28:00
mitre
web.nvd.nist.gov
26
cve
crlf injection
oracle portal
http response splitting
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.023
Percentile
90.0%
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.
Affected configurations
Node
oracleapplication_server_portalMatch9.0.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | application_server_portal | 9.0.2 | cpe:2.3:a:oracle:application_server_portal:9.0.2:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2006-6699
2006-12-23 01:28:00
CVE-2006-6697
2006-12-22 02:28:00
cvelist
cvelist
CVE-2006-6699
2006-12-23 01:00:00
CVE-2006-6697
2006-12-22 02:00:00
exploitdb
exploitdb
cve
cve
CVE-2006-6697
2006-12-22 02:28:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
6.9
Confidence
Low
EPSS
0.023
Percentile
90.0%
Related for CVE-2006-6699