Oracle.Portal.Calendar.JSP.Multiple.HTTP.Response.Splitting
Description
Oracle Application Server has a multiple HTTP response-splitting vulnerability. A remote attacker could influence or misrepresent how web content is served, cached, or interpreted via a CRLF sequences in the enc parameter in "webapp/jsp/calendar.jsp" request.
Affected Products
Oracle Application Server 10g
Impact
Gain Access
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://www.oracle.com
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |