Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle Portal 多个跨站请求伪造漏洞
Vulnerability Description
Oracle Portal 9.0.2及可能其他版本中存在多个CRLF注入漏洞,远程攻击者可以通过传给(1)calendarDialog.jsp或(2)fred.jsp的enc参数中的CRLF序列来注入任意HTTP报头并执行HTTP响应拆分攻击。
CVSS Information
N/A
Vulnerability Type
N/A