Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-6697. PoCs published by putosoft softputo.
AI-analyzed exploit summary
This exploit demonstrates an HTTP response-splitting vulnerability in Oracle Portal by injecting CRLF characters and arbitrary script tags into the 'enc' parameter of the calendar.jsp endpoint. It allows an attacker to manipulate HTTP responses and potentially execute arbitrary script code in the context of a victim's browser.
Description
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.