Описание
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:oracle:application_server_portal:9.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server_portal:10g:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.34319
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
EPSS
Процентиль: 97%
0.34319
Средний
7.5 High
CVSS2
Дефекты
NVD-CWE-Other