Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle Portal 'calendar.jsp'HTTP响应拆分漏洞
Vulnerability Description
Oracle Fusion Middleware(Oracle融合中间件)是美国甲骨文(Oracle)公司的一套面向企业和云环境的业务创新平台。Oracle Portal是其中的一个用于建立企业信息门户的集成环境。 Oracle Portal响应数据的处理上存在拆分漏洞,远程攻击者可能利用此漏洞在用户机器上执行恶意脚本。 Oracle Portal的/webapp/jsp/calendar.jsp文件没有正确过滤enc参数的输入,攻击者在请求响应中注入任意HTTP头,通过enc参数中的CRLF序列执行HT
CVSS Information
N/A
Vulnerability Type
N/A