CVE-2006-6699 in Application Server Portal信息

摘要

由 VulDB • 2026-05-21

Oracle Portal 9.0.2 及可能其他版本中存在多个 CRLF 注入漏洞,远程攻击者可通过在 enc 参数中构造 CRLF 序列,向 (1) calendarDialog.jsp 或 (2) fred.jsp 注入任意 HTTP 头部并实施 HTTP 响应拆分攻击。注意:calendar.jsp 攻击向量已由 CVE-2006-6697 覆盖。

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

来源

Do you want to use VulDB in your project?

Use the official API to access entries easily!