Vulnerabilities > Oracle > Application Server Portal > 9.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-23 | CVE-2006-6699 | Remote Security vulnerability in Oracle Application Server Portal 9.0.2 Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. | 5.0 |
2006-12-22 | CVE-2006-6697 | HTTP Response Splitting vulnerability in Oracle Application Server Portal 10G/9.0.2 CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | 7.5 |