CVE-2006-6697
Published 2006-12-22
CVE-2006-6697: CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP…
Priority: P341
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 10.32% (95.1th percentile)
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | application_server_portal | — | — |
| oracle | application_server_portal | — | — |
CVSS provenance
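| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 2.6 | LOW | — |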
GHSA
GHSA-c6cw-5g44-fvqr: Multiple CRLF injection vulnerabilities in Oracle Portal 9
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-6699 [HIGH] GHSA-c6cw-5g44-fvqr: Multiple CRLF injection vulnerabilities in Oracle Portal 9
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.
GHSA
GHSA-qqq4-23w2-fg8f: CRLF injection vulnerability in webapp/jsp/calendar
ghsa_unreviewed·2022-05-01
CVE-2006-6697 [HIGH] GHSA-qqq4-23w2-fg8f: CRLF injection vulnerability in webapp/jsp/calendar
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Red Hat
SDL_image: GIF handling buffer overflow
vendor_redhat·2008-01-23·CVSS 2.6
CVE-2007-6697 [LOW] SDL_image: GIF handling buffer overflow
Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, a similar issue to CVE-2006-4484. NOTE: some of these details are obtained from third party information.
No detection rules found.
Bugzilla
CVE-2008-1373 cups: overflow in gif image filter
bugzilla·2008-03-20·CVSS 2.6
CVE-2008-1373 [LOW] CVE-2008-1373 cups: overflow in gif image filter
It was discovered that the GIF parsing code used by the CUPS printing system is affected
by a similar issue as the GIF parsers used by gd / netpbm / tk / SDL_image.
The value of code_size read from the GIF image is not properly validated before being
used to initialize the table array in gif_read_lzw(), causing a static buffer overflow.
Issue is similar to:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0553 (tk), CVE-2008-0554
(netpbm)
Discussion:
Created attachment 298680
Proposed patch
Similar to the fix used in gd / tk / netpbm / SDL_image.
---
Tracked upstream via: http://www.cups.org/str.php?L2765
---
cups-1.2.12-10.fc7 has been submitted as an update for Fedora 7
---
cups-1.3.6-4.fc8 has been pushed to the Fedora 8 stable repository. If probl
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
Discussion:
perl-Tk uses embedded copy of tk source code and is affected by this problem
too. Adding perl-Tk maintainers t
Bugzilla
CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0554 [LOW] CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm
GIF handling code used in netpbm's giftopnm converter is based on the same code
as used by gd and SDL_image and is affected by the overflow known as
CVE-2006-4484 and CVE-2007-6697.
readImageData function in giftopnm.c does not properly check the value of
lzwMinCodeSize value read from GIF image before passing it to lzwInit, which
uses it as upper bound during the initialization of fixed sized table array,
leading to a buffer overflow.
This issue was fixed in upstream version 10.27. Code checking the value is in
the initial giftopnm.c revision in the project's public SVN repository:
http://netpbm.svn.sourceforge.net/viewvc/netpbm/trunk/converter/other/giftopnm.c?revision=1&view=markup#l_1052
This issue does not affect netpbm pa
Bugzilla
CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
bugzilla·2008-02-05·CVSS 2.6
CVE-2008-0553 [LOW] CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]
+++ This bug was initially created as a clone of Bug #431518 +++
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
-- Additional comment from [email protected] on
References
http://marc.info/?l=full-disclosure&m=116664018702238&w=2
http://marc.info/?l=full-disclosure&m=116666155824901&w=2
http://secunia.com/advisories/23461
http://securityreason.com/securityalert/2057
http://www.securityfocus.com/archive/1/454945/100/0/threaded
http://www.securityfocus.com/archive/1/454965/100/0/threaded
http://www.securityfocus.com/archive/1/455106/100/0/threaded
http://www.securityfocus.com/bid/21686
http://www.vupen.com/english/advisories/2006/5124