CVE-2006-6699

3 documents, 3 sources
Severity
5.0 MEDIUM
EPSS
0.3%
top 43.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 23
Latest update: May 1

Description

Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

Vulnerability Details (2)

GHSA
GHSA-c6cw-5g44-fvqr: Multiple CRLF injection vulnerabilities in Oracle Portal 9 (2022-05-01)
CVEList
CVE-2006-6699: Multiple CRLF injection vulnerabilities in Oracle Portal 9 (2006-12-23)