Oracle.Portal.Calendar.JSP.Multiple.HTTP.Response.Splitting

description-logoDescription

Oracle Application Server has a multiple HTTP response-splitting vulnerability. A remote attacker could influence or misrepresent how web content is served, cached, or interpreted via a CRLF sequences in the enc parameter in "webapp/jsp/calendar.jsp" request.

affected-products-logoAffected Products

Oracle Application Server 10g

Impact logoImpact

Gain Access

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.oracle.com

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)