Lucene search

[email protected]NVD:CVE-2006-6699

HistoryDec 23, 2006 - 1:28 a.m.

CVE-2006-6699

2006-12-2301:28:00

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.023

Percentile

90.0%

JSON

Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.

Affected configurations

Nvd

Node

oracleapplication_server_portalMatch9.0.2

VendorProductVersionCPE
oracleapplication_server_portal9.0.2cpe:2.3:a:oracle:application_server_portal:9.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
oracle	application_server_portal	9.0.2	cpe:2.3:a:oracle:application_server_portal:9.0.2:::::::*

References

www.securityfocus.com/archive/1/455106/100/0/threaded

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.023

Percentile

90.0%

JSON

Related for NVD:CVE-2006-6699

cvelist2 cve2 nvd1 exploitdb1