Intrusion Prevention

Oracle.Portal.Calendar.JSP.Multiple.HTTP.Response.Splitting

Description

Oracle Application Server has a multiple HTTP response-splitting vulnerability. A remote attacker could influence or misrepresent how web content is served, cached, or interpreted via a CRLF sequences in the enc parameter in "webapp/jsp/calendar.jsp" request.

Affected Products

Oracle Application Server 10g

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.oracle.com

CVE References

CVE-2006-6697