CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Application_server_portal | Oracle | 9.0.2 (including) | 9.0.2 (including) |
| Application_server_portal | Oracle | 10g (including) | 10g (including) |