Lucene search

[email protected]NVD:CVE-2006-6697

HistoryDec 22, 2006 - 2:28 a.m.

CVE-2006-6697

2006-12-2202:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.023

Percentile

89.8%

JSON

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

Affected configurations

Nvd

Node

oracleapplication_server_portalMatch9.0.2

oracleapplication_server_portalMatch10g

VendorProductVersionCPE
oracleapplication_server_portal9.0.2cpe:2.3:a:oracle:application_server_portal:9.0.2:*:*:*:*:*:*:*
oracleapplication_server_portal10gcpe:2.3:a:oracle:application_server_portal:10g:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	application_server_portal	9.0.2	cpe:2.3:a:oracle:application_server_portal:9.0.2:::::::*
oracle	application_server_portal	10g	cpe:2.3:a:oracle:application_server_portal:10g:::::::*

References

marc.info/?l=full-disclosure&m=116664018702238&w=2

marc.info/?l=full-disclosure&m=116666155824901&w=2

secunia.com/advisories/23461

securityreason.com/securityalert/2057

www.securityfocus.com/archive/1/454945/100/0/threaded

www.securityfocus.com/archive/1/454965/100/0/threaded

www.securityfocus.com/archive/1/455106/100/0/threaded

www.securityfocus.com/bid/21686

www.vupen.com/english/advisories/2006/5124

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

0.023

Percentile

89.8%

JSON

Related for NVD:CVE-2006-6697

exploitdb1 cvelist2 cve2 nvd1