Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-6697

10 documents6 sources

Severity

7.5HIGH

EPSS

34.3%

top 3.02%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Application Server Portal

Timeline

PublishedDec 22

Latest updateMay 1

Description

CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDoracle/application10g, 9.0.2+1

🔴Vulnerability Details

GHSA

GHSA-qqq4-23w2-fg8f: CRLF injection vulnerability in webapp/jsp/calendar↗2022-05-01

▶

CVEList

CVE-2006-6697: CRLF injection vulnerability in webapp/jsp/calendar↗2006-12-22

▶

💥Exploits & PoCs

Exploit-DB

Oracle Portal 9.0.2 - Calendar.jsp Multiple HTTP Response Splitting Vulnerabilities↗2006-12-20

▶

📋Vendor Advisories

Red Hat

SDL_image: GIF handling buffer overflow↗2008-01-23

▶

💬Community

Bugzilla

CVE-2008-1373 cups: overflow in gif image filter↗2008-03-20

▶

Bugzilla

CVE-2008-0553 tk: GIF handling buffer overflow↗2008-02-05

▶

Bugzilla

CVE-2008-0554 netpbm: GIF handling buffer overflow in giftopnm↗2008-02-05

▶

Bugzilla

CVE-2008-0553 tk: GIF handling buffer overflow [rawhide]↗2008-02-05

▶