CVE-2006-6697
CVE-2006-6697 describes a CRLF injection in Oracle Portal 10g and earlier (including 9.0.2) via webapp/jsp/calendar.jsp where an attacker can inject arbitrary HTTP headers and trigger HTTP response splitting by manipulating the enc parameter. Related entries note that CVE-2006-6699’s calendar.jsp...